From 53029475d31804844549775ca7859cf682ca43b0 Mon Sep 17 00:00:00 2001
From: Oleksandr Oliinyk
Date: Fri, 24 Jan 2025 15:52:14 +0100
Subject: [PATCH] Mark nat-lab core api certificate as test-only
---
 .unreleased/mark_core_api_cert_as_test_only | 0
 nat-lab/bin/core-api.py | 2 +-
 nat-lab/bin/mqtt-listener.py | 2 +-
 nat-lab/data/core_api/README.md | 4 ++--
 nat-lab/data/core_api/rumqttd.toml | 4 ++--
 nat-lab/data/core_api/{server.pem => test.pem} | 0
 nat-lab/docker-compose.yml | 8 ++++----
 nat-lab/tests/config.py | 2 +-
 8 files changed, 11 insertions(+), 11 deletions(-)
 create mode 100644 .unreleased/mark_core_api_cert_as_test_only
 rename nat-lab/data/core_api/{server.pem => test.pem} (100%)
diff --git a/.unreleased/mark_core_api_cert_as_test_only b/.unreleased/mark_core_api_cert_as_test_only
new file mode 100644
index 000000000..e69de29bb
diff --git a/nat-lab/bin/core-api.py b/nat-lab/bin/core-api.py
index cfc5f22d3..88235488a 100755
--- a/nat-lab/bin/core-api.py
+++ b/nat-lab/bin/core-api.py
@@ -23,7 +23,7 @@
 "weight": 1,
 }
-CERTIFICATE_PATH = "/etc/ssl/server_certificate/server.pem"
+CERTIFICATE_PATH = "/etc/ssl/server_certificate/test.pem"
 MQTT_BROKER_HOST = "mqtt.nordvpn.com"
 MQTT_BROKER_PORT = 8883
diff --git a/nat-lab/bin/mqtt-listener.py b/nat-lab/bin/mqtt-listener.py
index d4aff3b5a..2e72f086d 100644
--- a/nat-lab/bin/mqtt-listener.py
+++ b/nat-lab/bin/mqtt-listener.py
@@ -4,7 +4,7 @@ import ssl
 import sys
-CERTIFICATE_PATH = "/etc/ssl/server_certificate/server.pem"
+CERTIFICATE_PATH = "/etc/ssl/server_certificate/test.pem"
 def on_message(_client, _userdata, message):
diff --git a/nat-lab/data/core_api/README.md b/nat-lab/data/core_api/README.md
index 0923ad5ba..826e1a332 100644
--- a/nat-lab/data/core_api/README.md
+++ b/nat-lab/data/core_api/README.md
@@ -8,7 +8,7 @@ To generate self-signed certificate execute following:
 ```
 export CERTIFICATE_FOLDER_PATH=/etc/ssl/server_certificate
-openssl req -newkey rsa:4096 -x509 -sha256 -days 3650 -nodes -out $CERTIFICATE_FOLDER_PATH/server.crt -keyout $CERTIFICATE_FOLDER_PATH/server.key -subj "/CN=*.nordvpn.com"
+openssl req -newkey rsa:4096 -x509 -sha256 -days 3650 -nodes -out $CERTIFICATE_FOLDER_PATH/test.crt -keyout $CERTIFICATE_FOLDER_PATH/test.key -subj "/CN=*.nordvpn.com"
-cat $CERTIFICATE_FOLDER_PATH/server.crt $CERTIFICATE_FOLDER_PATH/server.key > $CERTIFICATE_FOLDER_PATH/server.pem
+cat $CERTIFICATE_FOLDER_PATH/test.crt $CERTIFICATE_FOLDER_PATH/test.key > $CERTIFICATE_FOLDER_PATH/test.pem
 ```
\ No newline at end of file
diff --git a/nat-lab/data/core_api/rumqttd.toml b/nat-lab/data/core_api/rumqttd.toml
index 4e1651997..883e4ce11 100644
--- a/nat-lab/data/core_api/rumqttd.toml
+++ b/nat-lab/data/core_api/rumqttd.toml
@@ -12,8 +12,8 @@ name = "v4-2"
 listen = "0.0.0.0:8883"
 next_connection_delay_ms = 10
 [v4.2.tls]
- certpath = "/etc/ssl/server_certificate/server.pem"
- keypath = "/etc/ssl/server_certificate/server.pem"
+ certpath = "/etc/ssl/server_certificate/test.pem"
+ keypath = "/etc/ssl/server_certificate/test.pem"
 [v4.2.connections]
 connection_timeout_ms = 60000
 throttle_delay_ms = 0
diff --git a/nat-lab/data/core_api/server.pem b/nat-lab/data/core_api/test.pem
similarity index 100%
rename from nat-lab/data/core_api/server.pem
rename to nat-lab/data/core_api/test.pem
diff --git a/nat-lab/docker-compose.yml b/nat-lab/docker-compose.yml
index a48a6b8d5..cda70c6bf 100644
--- a/nat-lab/docker-compose.yml
+++ b/nat-lab/docker-compose.yml
@@ -96,7 +96,7 @@ services:
 volumes:
 - ../:/libtelio
 - ./data/teliod:/etc/teliod
- - ./data/core_api/server.pem:/etc/ssl/server_certificate/server.pem
+ - ./data/core_api/test.pem:/etc/ssl/server_certificate/test.pem
 healthcheck:
 test: "ls /ready"
 cone-client-02:
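Review bot: The bind mount added in this hunk hands the container the whole `test.pem`, which per the README in this patch is the certificate concatenated with its private key, and Compose mounts it read-write unless told otherwise. This service (apparently a client, since it also mounts `./data/teliod`) should only need the certificate to verify the core API, so at minimum make the mount read-only: `- ./data/core_api/test.pem:/etc/ssl/server_certificate/test.pem:ro`. A certificate-only file for the verifying side would keep the `*.nordvpn.com` test key confined to the containers that actually terminate TLS. The same mount recurs in the hunks at -619 and -637, and the service definition starts above this hunk.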
@@ -619,7 +619,7 @@ services:
 start_period: 5s
 volumes:
 - ./data/core_api/rumqttd.toml:/etc/mqtt/rumqttd.toml
- - ./data/core_api/server.pem:/etc/ssl/server_certificate/server.pem
+ - ./data/core_api/test.pem:/etc/ssl/server_certificate/test.pem
 core-api:
 hostname: core-api
@@ -628,7 +628,7 @@ services:
 environment:
 PYTHONUNBUFFERED: 1
 healthcheck:
- test: "curl --cacert /etc/ssl/server_certificate/server.pem https://api.nordvpn.com/v1/health"
+ test: "curl --cacert /etc/ssl/server_certificate/test.pem https://api.nordvpn.com/v1/health"
 networks:
 internet:
 ipv4_address: 10.0.80.86
@@ -637,7 +637,7 @@ services:
 mqtt-broker:
 condition: service_healthy
 volumes:
- - ./data/core_api/server.pem:/etc/ssl/server_certificate/server.pem
+ - ./data/core_api/test.pem:/etc/ssl/server_certificate/test.pem
 dns:
 - 10.0.80.82
 - 10.0.80.83
diff --git a/nat-lab/tests/config.py b/nat-lab/tests/config.py
index ca83752b9..f04f20d34 100644
--- a/nat-lab/tests/config.py
+++ b/nat-lab/tests/config.py
@@ -210,4 +210,4 @@ def get_root_path(path: str) -> str:
 CORE_API_URL = "https://api.nordvpn.com"
 MQTT_BROKER_HOST = "mqtt.nordvpn.com"
 MQTT_BROKER_IP = "10.0.80.85"
-CORE_API_CA_CERTIFICATE_PATH = "/etc/ssl/server_certificate/server.pem"
+CORE_API_CA_CERTIFICATE_PATH = "/etc/ssl/server_certificate/test.pem"
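Review bot: `CORE_API_CA_CERTIFICATE_PATH` carries the test-only marking through the file name alone, and nothing at the constant says what the file actually is. Going by the README in this patch, `test.pem` is a self-signed `*.nordvpn.com` certificate bundled with its private key, so a short comment would keep it from being reused as a real trust anchor: `# Self-signed nat-lab test certificate (bundled with its key); never trust it outside the test containers.` The same comment would fit `CERTIFICATE_PATH` in `nat-lab/bin/core-api.py` and `nat-lab/bin/mqtt-listener.py`.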