Introduce SECRETLESS_HTTP_CA_BUNDLE environment variable

.gitleaks.toml

@@ -188,6 +188,7 @@ files = [
   "test/pg2_handler/etc/(.*)", # random pg test copy certs (since removed)
   "test/ssh_handler/id_(.*)", # test ssh handler certs
   "test/ssh_agent_handler/id_(.*)", # test ssh-agent handler certs
+  "test/connector/http/generic/certs/(.*)", # test http generic connector certs
   "test/connector/ssh/id_(.*)", # test ssh handler certs
   "test/connector/ssh_agent/id_(.*)", # test ssh-agent handler certs
   "test/ssh/id_(.*)", # since-removed ssh test certs

CHANGELOG.md

@@ -6,6 +6,12 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
+### Added
+- Introduce `SECRETLESS_HTTP_CA_BUNDLE` environment variable, which provides a
+  path to a bundle of CA certificates to append to the certificate pool used 
+  for verification by all http service connectors
+  [#1180](https://github.com/cyberark/secretless-broker/pull/1180)
+
 ## [1.5.2] - 2020-02-24
 
 ### Changed

internal/plugin/connectors/http/proxy_service.go

@@ -5,8 +5,10 @@ import (
 	"crypto/x509"
 	"fmt"
 	"io"
+	"io/ioutil"
 	"net"
 	gohttp "net/http"
+	"os"
 	"regexp"
 
 	"github.com/cyberark/secretless-broker/pkg/secretless/plugin/connector/http"
@@ -80,6 +82,19 @@ func NewProxyService(
 		caCertPool = x509.NewCertPool()
 	}
 
+	if caBundle, ok := os.LookupEnv("SECRETLESS_HTTP_CA_BUNDLE"); ok {
+		// Read in the cert file
+		certs, err := ioutil.ReadFile(caBundle)
+		if err != nil {
+			return nil, fmt.Errorf("failed to append SECRETLESS_HTTP_CA_BUNDLE to RootCAs: %v", err)
+		}
+
+		// Append our cert to the system pool
+		if ok := caCertPool.AppendCertsFromPEM(certs); !ok {
+			logger.Warnf("No certs appended, using system certs only")
+		}
+	}
+
 	transport := &gohttp.Transport{
 		TLSClientConfig: &tls.Config{
 			RootCAs: caCertPool,

internal/proxy_service.go

@@ -21,7 +21,7 @@ func ZeroizeCredentials(backendCredentials map[string][]byte) {
 // TODO: The wisdom of an abstraction for a service that can be stopped/started
 //   is something we want to revisit.  Standard functional command objects might
 //   a better alternative, among other things.  We should revisit where we're
-//   putting interfaces from a first pinciples/best practices perspective,
+//   putting interfaces from a first principles/best practices perspective,
 //   and create some policy around that.  For now, though, these aren't big
 //   problems.
 type Service interface {

test/connector/http/generic/certs/README.md

@@ -0,0 +1,17 @@
+# certs
+
+This folder contains the cert-key pair for the test server.
+
+These cert-key pairs are self-signed and were generated using an
+invocation of openssl similar to this:
+
+```bash
+openssl req \
+  -x509 \
+  -newkey rsa:4096 \
+  -keyout server-key-excluded.pem \
+  -out server-cert-excluded.pem \
+  -subj '/CN=test' \
+  -nodes \
+  -days 365000
+```

test/connector/http/generic/certs/server-cert-excluded.pem

@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEnDCCAoQCCQCs+RL4gqtJNzANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDAR0
+ZXN0MCAXDTIwMDQwMjEzNDMzNVoYDzMwMTkwODA0MTM0MzM1WjAPMQ0wCwYDVQQD
+DAR0ZXN0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6ziQ8KwNyIkU
+esNg0OaSYKTjVRq/eE1Cfc7B/2cyCmh+yw2ZI/ExqB74YS+nmmLgwGwtiNutyN/h
+4f9En159pqLTJ0gxfJsXIcJ78WuzBrK1wMrG1uGZ8BEz3L2haPRqg23Egd7SrSIk
+0Qct9dn1QfnUAZsRYxdtKcwSaTTGLw3hJRt6lUPl28VT4jVoJRx8OK85x2JkDDxA
+hOT0DqS6mUt8rcIylMxtMgb1zEOCxRNX2bE6XHvofWFsI+oAi4Z9IBZyMb6ktLyG
+W9HcnTWFeDWa6lPmCzw5qNDNz8ulTyu2H4lPyIle7/E3XoZJKgHBzqCij6ImtSgI
+Rf6SZUKaWoQsE+1OLSHIRDm1RV/n4PRY3k/SDIwhHFKAfNb0AYGxkVBKY2A1k7SS
+gkJFH7ZX6FE3JOYSLjjP+IgIFcO9cmXUDGPJ6LCZ/RrmWO5+9sfuDKu7zDd0QhVJ
+gtU382GHoQWpmJJgqZlKTH/JSFh9HYbJ4tZjpwT7MQVoIvR94S0xfy1LZVTVfzgF
+Gh5DaTwxyVBjIIjaFEsqFuZePSgE2fhEEeEJdgZoaIEYKy/d080i8czd7WMLkG7c
+p1RoWCSyz6DgSG306NmQKSBgvuOJ/80zSbUB/kdVNbpVJFujequwqphIfdtV8ldI
+5nDtnLVbsMGSOX8U8sgzIGo3k+zj8ycCAwEAATANBgkqhkiG9w0BAQsFAAOCAgEA
+0pTT1nsqCtUFXC/TXdYFr+PCoNOoGX/Js+ZVrUfolBPlbL65wDr0SM0owutRkcwx
+6aBPLDy2YLzKcuJ+Op0qWFI+qR4Dg1TH5CEDd63P4bUOvwrM+hBLIN5RGH7vIAgZ
+IFsVlGzBL07H/z6rxaC2/ZaDXxTUHHwowrxB1j3VSOtiMQzi4CPagsepcA/x+W67
+SCrMiaFYSdSkqphuZXaZbcOKW7B38rdp7hD5O/dbk5Ho9qBGO8oqoPh5cRbwbMps
+cx4WBG9yLDvD+uwnuVajJDm7AoU9Y+zJTGq5kXYu8BLanT2QzKLJOxN4NAW3tGD0
+hdnYvAhhE2LVDCcVgtdnm/slE8NSLxjSxgXx9bw3f6KxGHWEwBQlL3Aa/8qsPoAe
+Z7eJMTh3/wDzDf0nEOMW/axo/T9gxPZez0To4QzZ98S5ConwoJE8Lxx8t5KaTMwc
+qm6d/DtApcoJRrS57oahMJjn/YqB8aX17aCy8vQcee+ZfRb7dPK93FlTTx3kIJ1z
+0HCZD1+YgKLEfhvdk/fcBfBRXzlxgzDVLnQMQ7QYj8cp0Rr6MBwc/QHL5GLPzWHA
+nXsmE0EpDmOAdxY7R8jiiC5a3SqN4iucC7Y8b6zHvUwpNQEqYTsRlwWgmASGRxws
+kELI9dBvcuoUXkCGH4G7P97qIDbjpW1njH4dtduXq/A=
+-----END CERTIFICATE-----

test/connector/http/generic/certs/server-cert-included.pem

@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEnDCCAoQCCQC5Mj7R6rRN6jANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDAR0
+ZXN0MCAXDTIwMDQwMjEzNDMxOVoYDzMwMTkwODA0MTM0MzE5WjAPMQ0wCwYDVQQD
+DAR0ZXN0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAs303IvOswLX7
+jmqpFtwZ4tm2D3g8DBQHOqAM5FJ/aIieMY1Y3lGNLCe+xydibhYQbItKyJM15P9q
+17ihuzIU32JI8NsPpNoeHX+gAoK0Ac0Yx94ar+kkokWPYD1Tq/5E/jolwbKoj57c
+of8PwhFzdn5p5avCQk2xMNWD4sNh6zjjOf/7E5iyiK4TZeVyJDrJMuaTXWM+U+Ws
+TWpDZsvMZ4jXSHgYM8KmYHNg6gn+Nlkc81+ttcgoE6CQUtlxWvdqZkuzkq2Ny9hr
+AExF/7C6LBgb8j8HKaMd9WPVqZlxinGMfbZiBVLCc9d8hOdFPoENAI6MCO5WLcwy
+6yTGzhtaLdgZ2tRL0z07RECWnIqYaLcuOHu9DirwpbGGTRrYLY3SNZIEvgP5gGoX
+JJOB0UM6BP7ApMcbdXejkSokuG3wZ11fxdewb//maqeMyuFUGfw03o0Pe15l6mAg
+4rY5D7JAC9kuZ+QeyX6YytFtZBGZmR06KxuJ58ZelF8ylz2fpPDSFpcP2haIfFCk
+40U+UC/tS6lf4R1tIfNd25ma/R6mERrR8411Jwm8nCF7YxgrbX1NDDkyM2ok+NY8
+5GVPhPirTWzIL/SDBGs/5lfB6YjV3nxgGyDQ7bAnp6M/hLPH2vKDosVB9Cubp6pf
+7X39zsj5ZzvgpSDwLKVNpW0KCzn3JaMCAwEAATANBgkqhkiG9w0BAQsFAAOCAgEA
+Pg8WOg9By7u7x1aRn8IIEJjwQ6qkxycBuVPT1V9MQuI4u1Ai63n90W/C3UPdIWuh
+zXxopvg9OBM2ZZstNsOFdgKEJgkt63iribUiLoo+Jk9lapy8YNT5M7c2WmNRu+gP
+3etSUbBcjBLvubDex7Hve/4heyasMRNo46LnheKy7cGiLJJk/IY/Au5qPUVUWZh7
+A601O1Qs7fbl1lRL9VKTdEM16Fc1+dwe7KgG7lqwQYkm0uYIWZHPh69iDlsxTnDj
+eQNcG0zvy5uRsTXDRJECAQ12YYmT4ScqCOxaev7ZobHnI2Fis/RDulH6w3U/nafy
+xl1QtaCM35Xwd2qarhciZfDjgRLL/5H49eDVjW+TxyDG7wyiumepRuOGKCmfUUXy
+3El9TALMPp6Ns1h7fwect7X0XHpkAvU3s812+UmNHvN12D0eNPdxUc4Jqfc3N294
+r32UU7pezYchoVDut0xdLPNMPAluv3Lxqs0/ArsIyK0HYOAaRbel3Twnr+pDAj5p
+5K7XUzhY/ufK5CH2Ypu0uO5xkePxQanE2zXzvGPLENAd1XSLwcAZTXxoid4fm63C
+2VPhMvh/f/r3ojJPpenJFNPVEPtWE2AMga+I+NSMhP3y3XbkR3lvUy5mH3LuzVXJ
+/f8J0osZxqGz0G7dKbYLEaJANOngnEDpbFgVRt0njgM=
+-----END CERTIFICATE-----

test/connector/http/generic/certs/server-key-excluded.pem

@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDrOJDwrA3IiRR6
+w2DQ5pJgpONVGr94TUJ9zsH/ZzIKaH7LDZkj8TGoHvhhL6eaYuDAbC2I263I3+Hh
+/0SfXn2motMnSDF8mxchwnvxa7MGsrXAysbW4ZnwETPcvaFo9GqDbcSB3tKtIiTR
+By312fVB+dQBmxFjF20pzBJpNMYvDeElG3qVQ+XbxVPiNWglHHw4rznHYmQMPECE
+5PQOpLqZS3ytwjKUzG0yBvXMQ4LFE1fZsTpce+h9YWwj6gCLhn0gFnIxvqS0vIZb
+0dydNYV4NZrqU+YLPDmo0M3Py6VPK7YfiU/IiV7v8TdehkkqAcHOoKKPoia1KAhF
+/pJlQppahCwT7U4tIchEObVFX+fg9FjeT9IMjCEcUoB81vQBgbGRUEpjYDWTtJKC
+QkUftlfoUTck5hIuOM/4iAgVw71yZdQMY8nosJn9GuZY7n72x+4Mq7vMN3RCFUmC
+1TfzYYehBamYkmCpmUpMf8lIWH0dhsni1mOnBPsxBWgi9H3hLTF/LUtlVNV/OAUa
+HkNpPDHJUGMgiNoUSyoW5l49KATZ+EQR4Ql2BmhogRgrL93TzSLxzN3tYwuQbtyn
+VGhYJLLPoOBIbfTo2ZApIGC+44n/zTNJtQH+R1U1ulUkW6N6q7CqmEh921XyV0jm
+cO2ctVuwwZI5fxTyyDMgajeT7OPzJwIDAQABAoICAQCE+jOme/5G0ohLZs0DDHbQ
+QCds43Q/VJ40dYDjHLoDfFPCA2wCD8cc3nVYrBI6i4+3+PA9IMQ8faU7mI548nhi
+jkaFPKENarhHE6XyNAq/zKRH29tRe7UFLRR+xI3Nwe+9YX7oVMoRqu3ZZg+rn46x
+v8UFK19G/+Vs7buy0m0ACP6xdbl1TS9TcVkc10iLQnFPsnAdshgReraW6sC2zpXX
+N//CU7k4ueE5mQm4cqopM+hEX5c41av3xe3W1+F6/4sZatcgHEENFE949UmdbraH
+4PY1Zzz0ORX3xCO2R9Cq03FgnsYF/vM2/s1omM4f+2JPqCx+uxLa80jKGUM2D9Mm
+J30OYXzM4MVfKrPpQt8T1YRnGn+5l/j3RH5ibc8pEWa0w6yO8dNGlEDZoiQ4ge5K
+RWEMmRi/DOZI0uiKRCbF7e9yp76JCtBAhrqL5f2Ho9md+mpiscDaunL114pg+UpR
+vsmZlqZ8I1FMEFtNng+QCuDbO/BDfHl2yWBH6IDXnk8aGdb68P932qjCtqGtnf6S
+N8duc9Q656eW1tfEdAQTSsMll3PpX+Xkdwj1USB6D1RTkrr+OiwzV2YY8kN25Zs/
+a6TWGpq6oo4LFJXsTqXdsZkandXgMinM1S/9bo2eueyiqgzD1P3FjLzg7dEFluQw
++A1oY2XkSKzBt/rVJUWhIQKCAQEA+C1HxYJNsd0xbe/tS0OmkEUN4BmGB3P7LyAD
+hw8KOZggfFpNCbPBmSUhqF+e9bmQGy2Ooogvt7Y5Z35bfRqhYzVPNwhsVuNogdWa
+eTxgdXHv1nW22IYY595ELMJUFSeHefVSkx9sgzuiJpkk8hnzsrHUUqUPKc9zisEE
+wtYSwva+SKRdFd66rUSXL7e1rF799hFqmqBIGxJBVc7y2J642sxp1W7r8k2EVQb+
+Xmr5IcWBn8ev0drY5vaMCcHJjQbcWMM2z9u351/GtOflGkeLjwgb1sms6U8AUJUu
+XwjoNxwSVPcadz3slPx8i+tPZSu0ZsO1BC3AAg5LQe9kYEf3PwKCAQEA8qK8MMjU
+ftBHS2ImffgFyoRokLqjn56qgSDishihNkYzKgWnmjEdMJ2wnv8sqWkgJiZtfwyD
+4CAwL+/bYcF+kvOjy2tRXQ/0G/P+67VGZX3FqV4mF08HpKOVXq1rpQQx+GkGhiEe
+EEHUB4VqoNkb9v62KckETcfKj1/J0pMQGnJNvtJrQqol/m2PMZDhwvP5AkebdUog
+dToaM5SIWIsn2mLbLA3ziKy8eiKyAbTjRCkq+eym6pjqsTHDns51byckHMnoJm65
+JxWFw8+g/9ECnI/WIzOspICD4qJbIBydiqBdWN2uY6eEVshOBDoRAcr3+OxH60BA
+UBfotNU3Yk2yGQKCAQEAi5nk8nweujtjb6TzxU+TpTnC2VliJFUgaVzHvzQ9mzIw
+q+KbzSZZc40Ihs7q+uxb3H3e6xxSQzP0zHuueQv+1nCJU7qgPqwDAG2oTCQjWk0y
+DV//74JXBi7oCIlzhMbMlVTjEzEs+BEWYEHrH2hrxgv0FF0Wz30LUHTM+dAzk4n6
+daBHYGL+fTLFHKlpP0Hb94vKfJpGlTvKlrsnraRy9Vjg+5c+j/j8xFt/wJrJ8y5H
+gRpxk0lYk2sCUQa6GmNOlXuSHJBKvZMJkn+TRxoRre5wwnyFkGPJGIsiH4FCJqXa
+xgKN1590skXoxUgjTBSukNPrwiL+C+oAeWFxBBvXPwKCAQBDwVfmE57rTsQp892l
+3aXYWMNObyAUCd25M3K6oxAZtN7CxFN6Rm7NTautqrpREI8uuBppmRgWdUafjE5p
+7Puok6rQukY9Q6A6UheEwNlIrCePVUAz0BjlS90BVFI0AYjmwoVU3Vik140bEJGn
+GxmpDpXV81FlWv5grTIRwImFqRe2ytGzCwqTEwsinz+8Dh8iGNb7mNiZg8EfWEH+
+39UgMezcT4ULTJlRTfEBcv7n4MskgYZXCp63Hptu9F5szLRT6boPSWog1OzGsmtW
+JIqjJ7N3nw193nl1xzrFK9h+hquqjjUNlRDqnwLSQVjQdFpsw6aNtiJ/ez27ibLu
+m525AoIBAGnlDh3oxuN6hWylJK1zHH2RjDFqlcL0DK1pRP+OosI6sNoqslD1zXx4
+v8cy4Xb8WQdsNxDIIsfPfqu9O6djMuekgqJ9Objpy7YbOoNlj0CC1ctGyfKM2D23
+bAugfEETUiwQXZssr6uhOeICPoGDToiMpY1nyTURn3LHNSoJlzfmage6Mk6fJb6o
+6I77hCqs9sjIQX2nHeB5gPC9bNCf20K+nTp9wiY2RFzWcklIL6meP/om0gmwNV+d
+Aq2jhFnh6E1AKISJHEUWU62sfMZCdJHD4lx4Z3Dsndgnc7d70ZMncxsMvnjpIkI2
+IkX4GlDLo6wkXd79esfT4QnDomxCwJs=
+-----END PRIVATE KEY-----

test/connector/http/generic/certs/server-key-included.pem

@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCzfTci86zAtfuO
+aqkW3Bni2bYPeDwMFAc6oAzkUn9oiJ4xjVjeUY0sJ77HJ2JuFhBsi0rIkzXk/2rX
+uKG7MhTfYkjw2w+k2h4df6ACgrQBzRjH3hqv6SSiRY9gPVOr/kT+OiXBsqiPntyh
+/w/CEXN2fmnlq8JCTbEw1YPiw2HrOOM5//sTmLKIrhNl5XIkOsky5pNdYz5T5axN
+akNmy8xniNdIeBgzwqZgc2DqCf42WRzzX621yCgToJBS2XFa92pmS7OSrY3L2GsA
+TEX/sLosGBvyPwcpox31Y9WpmXGKcYx9tmIFUsJz13yE50U+gQ0AjowI7lYtzDLr
+JMbOG1ot2Bna1EvTPTtEQJaciphoty44e70OKvClsYZNGtgtjdI1kgS+A/mAahck
+k4HRQzoE/sCkxxt1d6ORKiS4bfBnXV/F17Bv/+Zqp4zK4VQZ/DTejQ97XmXqYCDi
+tjkPskAL2S5n5B7JfpjK0W1kEZmZHTorG4nnxl6UXzKXPZ+k8NIWlw/aFoh8UKTj
+RT5QL+1LqV/hHW0h813bmZr9HqYRGtHzjXUnCbycIXtjGCttfU0MOTIzaiT41jzk
+ZU+E+KtNbMgv9IMEaz/mV8HpiNXefGAbINDtsCenoz+Es8fa8oOixUH0K5unql/t
+ff3OyPlnO+ClIPAspU2lbQoLOfclowIDAQABAoICADs0yKU83/VJkksuH8ysmdVc
+n1OHA7ewO5o5BUejdueSeSw7Rd8/42N3UNT8xtktagmEAQ0ckiCRqDq0apUHNh9h
+mlHo0MY+NMTiPnPVjW8yqkPznbX9H9pvO5YxZJJNc5CwuZelSTjm3DyLmDUZ8I5b
+sK7T82ZPnm1PYQvCC2C+CSYurDGQowO2+CsafoY45flmWaHqhLrD/gwjS0xzWV+l
+oe4Dv2gDg0I5jPRmi3Z9+rDFFNXrylx/EFxj4aJyDqTjv75YhXeCUfltL4HiV+cH
+pOBJriEr70vsvKQPO4bBYeht6vN6ky4HHMnyR8MQaquOWd7wT3kX7IvoO7PtDdeY
+EBBRbcp7XoXKnBrCwGVF8Ba3hUpM1u4QyGrRxBOTwCT+rJqI3FkSfP4F3F3+lzeO
+WNrLeYl1Ft6fwnZj9GoGtp6iAClSF/T36pX9XFotCxQp1SS04KMg4XpGV1Bkyvut
+tBrhqUhkJx1rMnE8/wGa5rgYaGZlRHPeCszc6mcL2Lgi1ibAmSmLpQ46W5imyEGS
++jWAQBYkrtWp/jTaSejoNVDBVH6wwhLdbsV70XvOrbWOIAbO49nJh2o9EWERuF3a
+Od+kGGYd6cikAcwl+p5Ar841XbL4UnypbEJJcp99anqOlePIv/zczn5zKUlx/hVx
+m54ByZ5JlGLLC79oMBORAoIBAQDWu9tMaA1BJlRFIXZbrDyrbUANaCFTYC1K7OdG
+ti1s2dVduo/hm39Ypz39gjvJ4+R2/7ddBT7Le5L53sv4KOnTkgIqhys0eURHWP7t
++KSaSCa1Lbba4JNR2fl7Qc7val+XloYgbBXliV+rP/ErRV9YQGNuFHrPk8PpQtOd
+2hkMU9GeeATOhx6PIgM2b1ycPH7FcWVSpZ/cKUURKRKOJtdWH4Jv5Y6XJYmerUFU
+nNOPFKbr4UZvv3hDC82mDNchWmuAAWudqEatNmG4Zd5urqpDoUaX6f104KR/gh1g
+bT8p717yeU23eia23K6LyjU0SJF1kiM8zlHwiGNZBwAuSHs9AoIBAQDV+3HV7Ve+
+6vq4q4j1f7kOafiyNbxJ0y1lpWkGGGqRC8mu1dqbc++ypzJdUWnoZl9ed7Tsmu1v
+KofPA482G3NFELP3csqzZUxFihon3E4G5HAqMSBQBBi5q7JDEhQFUqvYcGTPg7Ax
+r4DpN3ZE/a1lSeQb0fMK/BBCaoHnivPo2pb4YGTSJ6lYdzlmlVEBdH8rLO65lvON
+KecGZdnik5p39VZwjvSujIODVJ9OPSgUbaJuqwg6PZxE1LlhEugpYzgOdVHBsT6O
+RI49nFHfXEbqopCMRC2ewajtrqDVcG8ddn6YKSJiXt+bTCpwmyOYiHv3+6pZtDJY
+p9aVV/fu9bJfAoIBAQCQn2c8l5vNtC3vfXEEnwUhg+wu22IOkGkQ3GuLwWjotfGx
+NdRv41WqdMEYe10fRWB7EREDEmRPkcPUjEydr5iESQMyd2UO61mkH/ladysNSejf
+/5D262ftKbyQWiswLlmBc/yT25gHxzTq1p7sQMXNX1hYLGzmXyQEd2ClIN3b4pv8
+eeLq4jAfwI2fXPNnuoq7Gfte5XO8SQNeYmY/3UMMmx4zlM0rWTnN5+xnO1R1OjiO
+B2R0IOWzakCwRFej/A0I4mwDe/FV+ZlpIxrjOror4HP2Hr74t8+ynQSCDDINYU12
+S2KfXyKx6AGa3q5krzdgkvMuodqoAIPA0yk5AtIVAoIBAC8p7cxWNOnqxvpfLJ/X
+2AUaTGuTNn4bIr1tuPlT9mEj9P8pObbb1fBNs+cno61KqyiaP/GKsFy5RhfV1AH8
+COsnJFOdJJpn8Gi/aMZyY2xXe3WBQHsCfCSoeHEaEfmeYCwjkcS/ZN1+rm45AENy
+mn5hy/ppyyUXq8nHyfwr/1jKnU3/iRldDpFmLeuza5hjgggVLkUPxXzOyJH7bwvm
+trxMAhJrH/k9FVukEjzfc+8UvyGfZv/XRpNRQ87mqO8+ZEOjjjKgC4a2C5f+1Xji
+0Oq0jCGugVOlocNJoz+IOaWH0Z1eK6r8+FI1doE9YJolMxXUjZaaBiLOU5i1O/ua
+ggcCggEAcidk2WT2ZFKhJ+xgFKJlB7iv+/zT81qXCmEfBVwuS1MKcpUIHkYhAztc
+LSQkoyy602SXlUOnT41MkuQQkD0/fo0tg4FhIJsPAODzyC+N1ycx/b0F+SYUdSEP
+aZvim8vnawwJfclhKktMVORjpIrAjQLcsGUHVJF0hXDC1Ug0/ylDF5NBz7dpO1Yf
+WxbZyRx3SHwEByLyJ+i6RJOAnoF3/XlTYPIBgsRBiQjA/OYhYg8/2vsEGUA4FhQX
+2i53mqS8/776qO2vNucur9o4XJK5WqoM6OlkNaPSQR5H0sFhHirnuqEPIqNOoPzA
+3I0HahCWGo5yK/cwal2u1+3H4CtA4Q==
+-----END PRIVATE KEY-----

test/connector/http/generic/docker-compose.yml

@@ -1,31 +1,21 @@
 version: '3.0'
 
 services:
-  nginx:
-    image: nginx:stable-alpine
-    ports:
-      - 8080
-    healthcheck:
-      test: ["CMD-SHELL", "curl localhost:8080/test"]
-      interval: 1s
-      timeout: 30s
-    volumes:
-      - ./http-basic-auth.conf:/etc/nginx/conf.d/default.conf:ro
-      - ./basic_auth.htpasswd:/etc/nginx/.htpasswd:ro
-
   secretless:
     build:
       context: ../../../..
     entrypoint: "/usr/local/bin/secretless-broker -debug"
+    environment:
+      SECRETLESS_HTTP_CA_BUNDLE: /secretless/test/connector/http/generic/certs/server-cert-included.pem
     volumes:
       - ./secretless.yml:/secretless.yml
       - ../../../..:/secretless
-    depends_on:
-      - nginx
 
   test:
-    image: alpine:latest
-    command: wget -q -O- nginx:8080/
+    image: secretless-dev
+    entrypoint: sleep infinity
+    volumes:
+      - ../../../..:/secretless
     depends_on:
       - secretless
 

test/connector/http/generic/http_constants.go

@@ -0,0 +1,17 @@
+package generic
+
+const serverHostname = "test"
+
+const serverCertIncluded = "certs/server-cert-included.pem"
+const serverKeyIncluded = "certs/server-key-included.pem"
+const serverCertExcluded = "certs/server-cert-excluded.pem"
+const serverKeyExcluded = "certs/server-key-excluded.pem"
+
+const fromProxyUsername = "someuser"
+const fromProxyPassword = "testpassword"
+
+const serverResponseOK = "Secured resource."
+const serverResponseUnauthorized = "Unauthorized."
+
+const proxyHTTP = "http://secretless:8080"
+const proxyHTTPS = "http://secretless:8081"