
Added demo cert and key files #1813

Merged
dlvenable merged 4 commits into opensearch-project:main from asifsmohammed:cpf-ssl
Sep 27, 2022

@asifsmohammed
Collaborator

@asifsmohammed asifsmohammed commented Sep 27, 2022

Signed-off-by: Asif Sohail Mohammed <nsifmoh@amazon.com>

Description

  • Added demo crt and key files
  • Updated release gradle to copy the files to release archive

Command used to generate the files as documented here:

openssl req -x509 -sha256 -nodes -days 1095 -newkey rsa:2048 -subj "/L=test/O=Example Com Inc./OU=Example Com Inc. Root CA/CN=Example Com Inc. Root CA" -config openssl.conf -keyout default_private_key.pem -out default_certificate.pem

Issues Resolved

Contributes towards #1699

Check List

  • New functionality includes testing.
  • New functionality has been documented.
    • New functionality has javadoc added
  • Commits are signed with a real name per the DCO

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

Signed-off-by: Asif Sohail Mohammed <nsifmoh@amazon.com>
Signed-off-by: Asif Sohail Mohammed <nsifmoh@amazon.com>
@asifsmohammed asifsmohammed requested a review from a team as a code owner September 27, 2022 04:24
@codecov-commenter

codecov-commenter commented Sep 27, 2022

Codecov Report

Merging #1813 (bc952f1) into main (27e39d2) will not change coverage.
The diff coverage is n/a.

@@            Coverage Diff            @@
##               main    #1813   +/-   ##
=========================================
  Coverage     93.94%   93.94%           
  Complexity     1472     1472           
=========================================
  Files           188      188           
  Lines          4307     4307           
  Branches        355      355           
=========================================
  Hits           4046     4046           
  Misses          177      177           
  Partials         84       84           


Member

@dlvenable dlvenable left a comment

Can you add a README to the examples/certificates (or update one if it exists) and add the command you ran to generate the certificate. This will help the maintainers who one day have to re-generate these certificates.

Also, we may not want to be using the "test" certificate for the default. If we are keeping them the same, I'd recommend that we invert this relationship such that "test" is using the "examples/certificate".

@asifsmohammed
Collaborator Author

> Also, we may not want to be using the "test" certificate for the default. If we are keeping them the same, I'd recommend that we invert this relationship such that "test" is using the "examples/certificate".

I'm not sure if I understood it completely. So we want to use these certificates in Core Peer Forwarder tests as well? Do we need a separate OpenSSL configuration in this directory?

Also, in the command the CN used is CN=Example Com Inc. Root CA, but the openssl.conf has CN = data-prepper.example.com. Is it supposed to be that?

Signed-off-by: Asif Sohail Mohammed <nsifmoh@amazon.com>
@dlvenable
Member

> I'm not sure if I understood it completely. So we want to use these certificates in Core Peer Forwarder tests as well? Do we need a separate OpenSSL configuration in this directory?

I meant that rather than having the examples using the openssl.conf file from data-prepper-core tests, we should have this file in examples/certificate. Then the data-prepper-core tests can use the file from there. The reason I say this is that we shouldn't change the default certificate too much since it is external, but we have freedom to change the test certificates since they are only internal. The change I suggested should help communicate more clearly that this certificate configuration is important beyond the tests.

> Also, in the command the CN used is CN=Example Com Inc. Root CA, but the openssl.conf has CN = data-prepper.example.com. Is it supposed to be that?

I'm not sure we need the CN to be data-prepper.example.com. We do want a SAN for this though. And you have that in the `alt_names` section.

Signed-off-by: Asif Sohail Mohammed <nsifmoh@amazon.com>
@dlvenable dlvenable merged commit 7e751dd into opensearch-project:main Sep 27, 2022
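
To make the CN versus SAN exchange above concrete, this added example (not from the PR or the project) runs the command from the description against a constructed config and reads back the subject CN and the SAN entries. The config contents, the `localhost` entry and the function names are assumptions.

```shell
#!/usr/bin/env bash
# Added example. The config below is constructed for illustration; it is not
# the project's openssl.conf.
set -eu

# Create a throwaway self-signed cert in directory $1 with the PR's command.
make_demo_cert() {
  cat > "$1/openssl.conf" <<'EOF'
[req]
distinguished_name = req_dn
x509_extensions    = v3_ext
prompt             = no
[req_dn]
CN = data-prepper.example.com
[v3_ext]
subjectAltName = @alt_names
[alt_names]
DNS.1 = data-prepper.example.com
DNS.2 = localhost
EOF
  openssl req -x509 -sha256 -nodes -days 1095 -newkey rsa:2048 \
    -subj "/L=test/O=Example Com Inc./OU=Example Com Inc. Root CA/CN=Example Com Inc. Root CA" \
    -config "$1/openssl.conf" -keyout "$1/default_private_key.pem" \
    -out "$1/default_certificate.pem" 2>/dev/null
}

# Print the CN that ended up in the certificate subject.
cert_cn() {
  openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
    sed -n 's/^subject= *CN=\([^,]*\).*/\1/p'
}

# Return 0 only if DNS name $2 is listed in the certificate's SAN extension.
cert_has_san() {
  openssl x509 -in "$1" -noout -text | grep -A1 'Subject Alternative Name' |
    tail -n1 | tr -d ' ' | tr ',' '\n' | grep -qxF "DNS:$2"
}

demo_dir=$(mktemp -d)
make_demo_cert "$demo_dir"
echo "subject CN: $(cert_cn "$demo_dir/default_certificate.pem")"
for name in data-prepper.example.com localhost; do
  cert_has_san "$demo_dir/default_certificate.pem" "$name" && echo "SAN: $name"
done
rm -rf "$demo_dir"
```

The `-subj` value replaces the CN from the config's distinguished-name section, while the SAN list still comes from `alt_names`, which is the field TLS clients match host names against.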