diff --git a/test/OpenTelemetry.Exporter.OpenTelemetryProtocol.Tests/IntegrationTest/.gitignore b/test/OpenTelemetry.Exporter.OpenTelemetryProtocol.Tests/IntegrationTest/.gitignore
index feada15042..7d22533a25 100644
--- a/test/OpenTelemetry.Exporter.OpenTelemetryProtocol.Tests/IntegrationTest/.gitignore
+++ b/test/OpenTelemetry.Exporter.OpenTelemetryProtocol.Tests/IntegrationTest/.gitignore
@@ -1,3 +1,7 @@
# Self-signed cert generated by integration test
otel-collector.crt
otel-collector.key
+otel-client.crt
+otel-client.key
+otel-untrusted-collector.crt
+otel-untrusted-collector.key
\ No newline at end of file
diff --git a/test/OpenTelemetry.Exporter.OpenTelemetryProtocol.Tests/IntegrationTest/create-cert.sh b/test/OpenTelemetry.Exporter.OpenTelemetryProtocol.Tests/IntegrationTest/create-cert.sh
index c0821abc46..6b6749a713 100755
--- a/test/OpenTelemetry.Exporter.OpenTelemetryProtocol.Tests/IntegrationTest/create-cert.sh
+++ b/test/OpenTelemetry.Exporter.OpenTelemetryProtocol.Tests/IntegrationTest/create-cert.sh
@@ -12,6 +12,38 @@ cp /otel-collector.crt /otel-collector.key /cfg
chmod 644 /cfg/otel-collector.key
+# Generate client certificate for mTLS
+echo "\
+basicConstraints = CA:FALSE
+nsCertType = client, email
+nsComment = "OpenSSL Generated Client Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
+extendedKeyUsage = clientAuth, emailProtection
+" > /client_ext.cnf
+
+openssl req -new -newkey rsa:2048 -days 365 -nodes \
+ -subj "/CN=otel-client" \
+ -keyout /otel-client.key -out /otel-client.csr
+
+openssl x509 -req -in /otel-client.csr \
+ -CA /otel-collector.crt -CAkey /otel-collector.key \
+ -out /otel-client.crt -CAcreateserial -days 365 -sha256 \
+ -extfile ./client_ext.cnf
+
+cp /otel-client.crt /otel-client.key /cfg
+chmod 644 /cfg/otel-client.key
+
+# Generate an self-signed certificate that is NOT included in the test runner's trust store
+# Generate self-signed certificate for the collector
+openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 \
+ -subj "/CN=otel-collector" \
+ -keyout /otel-untrusted-collector.key -out /otel-untrusted-collector.crt
+
+cp /otel-untrusted-collector.crt /otel-untrusted-collector.key /cfg
+chmod 644 /cfg/otel-untrusted-collector.key
+
# The integration test is run via docker-compose with the --exit-code-from
# option. The --exit-code-from option implies --abort-on-container-exit
# which means when any container exits then all containers are stopped.
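Review bot: The extension file is written to `/client_ext.cnf` but the signing step reads `-extfile ./client_ext.cnf`, so the client certificate is only issued with its `clientAuth` extensions when the script runs with `/` as its working directory; using the same absolute path in both places, `-extfile /client_ext.cnf`, removes that dependency. The start of the script is outside this hunk, so the working directory cannot be confirmed from here. The two comment lines above the untrusted certificate repeat each other and could be merged into one, e.g. `# Generate a self-signed collector certificate that is NOT in the test runner's trust store`. Both new `chmod 644` lines leave private keys world-readable under /cfg, following the existing line for otel-collector.key; a short comment that these are throwaway test keys would keep the pattern from being copied into non-test scripts.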
diff --git a/test/OpenTelemetry.Exporter.OpenTelemetryProtocol.Tests/IntegrationTest/otel-collector-config.yaml b/test/OpenTelemetry.Exporter.OpenTelemetryProtocol.Tests/IntegrationTest/otel-collector-config.yaml
index f479ebe4ad..806ede44a0 100644
--- a/test/OpenTelemetry.Exporter.OpenTelemetryProtocol.Tests/IntegrationTest/otel-collector-config.yaml
+++ b/test/OpenTelemetry.Exporter.OpenTelemetryProtocol.Tests/IntegrationTest/otel-collector-config.yaml
@@ -23,6 +23,32 @@ receivers:
tls:
cert_file: /cfg/otel-collector.crt
key_file: /cfg/otel-collector.key
+ otlp/untrustedtls:
+ protocols:
+ grpc:
+ endpoint: 0.0.0.0:6317
+ tls:
+ cert_file: /cfg/otel-untrusted-collector.crt
+ key_file: /cfg/otel-untrusted-collector.key
+ http:
+ endpoint: 0.0.0.0:6318
+ tls:
+ cert_file: /cfg/otel-untrusted-collector.crt
+ key_file: /cfg/otel-untrusted-collector.key
+ otlp/mtls:
+ protocols:
+ grpc:
+ endpoint: 0.0.0.0:7317
+ tls:
+ cert_file: /cfg/otel-collector.crt
+ key_file: /cfg/otel-collector.key
+ client_ca_file: /cfg/otel-collector.crt
+ http:
+ endpoint: 0.0.0.0:7318
+ tls:
+ cert_file: /cfg/otel-collector.crt
+ key_file: /cfg/otel-collector.key
+ client_ca_file: /cfg/otel-collector.crt
exporters:
debug:
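Review bot: In `otlp/mtls`, `client_ca_file` is the collector's own serving certificate, `/cfg/otel-collector.crt`, so one key pair is both the TLS server identity and the issuer of every client certificate the receiver accepts. That matches how create-cert.sh signs otel-client.crt in this commit, but it deserves a comment on the receiver such as `# test only: the self-signed collector cert doubles as the client CA`, so the layout is not read as a recommended deployment. A separate test CA that issues both the server and the client certificate would exercise the same code path with a more representative chain.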
@@ -31,11 +57,11 @@ exporters:
service:
pipelines:
traces:
- receivers: [otlp, otlp/tls]
+ receivers: [otlp, otlp/tls, otlp/untrustedtls, otlp/mtls]
exporters: [debug]
metrics:
- receivers: [otlp, otlp/tls]
+ receivers: [otlp, otlp/tls, otlp/untrustedtls, otlp/mtls]
exporters: [debug]
logs:
- receivers: [otlp, otlp/tls]
- exporters: [debug]
+ receivers: [otlp, otlp/tls, otlp/untrustedtls, otlp/mtls]
+ exporters: [debug]
\ No newline at end of file
diff --git a/test/OpenTelemetry.Exporter.OpenTelemetryProtocol.Tests/OpenTelemetry.Exporter.OpenTelemetryProtocol.Tests.csproj b/test/OpenTelemetry.Exporter.OpenTelemetryProtocol.Tests/OpenTelemetry.Exporter.OpenTelemetryProtocol.Tests.csproj
index ed31a95036..47a7dd6846 100644
--- a/test/OpenTelemetry.Exporter.OpenTelemetryProtocol.Tests/OpenTelemetry.Exporter.OpenTelemetryProtocol.Tests.csproj
+++ b/test/OpenTelemetry.Exporter.OpenTelemetryProtocol.Tests/OpenTelemetry.Exporter.OpenTelemetryProtocol.Tests.csproj
@@ -4,6 +4,25 @@
$(TargetFrameworksForTests)
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/test/OpenTelemetry.Exporter.OpenTelemetryProtocol.Tests/gen_test_cert.ps1 b/test/OpenTelemetry.Exporter.OpenTelemetryProtocol.Tests/gen_test_cert.ps1
new file mode 100644
index 0000000000..ab60ee4b15
--- /dev/null
+++ b/test/OpenTelemetry.Exporter.OpenTelemetryProtocol.Tests/gen_test_cert.ps1
@@ -0,0 +1,90 @@
+using namespace System.Security.Cryptography;
+using namespace System.Security.Cryptography.X509Certificates;
+
+param (
+ [string] $OutDir
+)
+
+function Write-Certificate {
+ param (
+ [X509Certificate2] $Cert,
+ [string] $Name,
+ [string] $Dir
+ )
+
+ # write cert content
+ $certPem = $Cert.ExportCertificatePem();
+ $certPemPath = Join-Path $Dir -ChildPath "$Name-cert.pem";
+ [System.IO.File]::WriteAllText($certPemPath, $certPem);
+
+ # write pkey
+ [AsymmetricAlgorithm] $pkey = [RSACertificateExtensions]::GetRSAPrivateKey($Cert);
+ [string] $pkeyPem = $null;
+
+ if ($null -ne $pkey) {
+ $pkeyPem = $pkey.ExportRSAPrivateKeyPem();
+ }
+
+ if ($null -eq $pkey) {
+ $pkey = [ECDsaCertificateExtensions]::GetECDsaPrivateKey($Cert);
+ $pkeyPem = $pkey.ExportECPrivateKeyPem();
+ }
+
+ if ($null -eq $pkeyPem) {
+ return;
+ }
+
+
+ $pKeyPath = Join-Path $Dir -ChildPath "$Name-key.pem";
+ [System.IO.File]::WriteAllText($pKeyPath, $pkeyPem);
+}
+
+$ca = New-SelfSignedCertificate -CertStoreLocation 'Cert:\CurrentUser\My' `
+ -DnsName "otel-test-ca" `
+ -NotAfter (Get-Date).AddYears(20) `
+ -FriendlyName "otel-test-ca" `
+ -KeyAlgorithm ECDSA_nistP256 `
+ -KeyExportPolicy Exportable `
+ -KeyUsageProperty All -KeyUsage CertSign, CRLSign, DigitalSignature;
+
+
+try {
+ Write-Certificate -Cert $ca -Name "otel-test-ca" -Dir $OutDir;
+ $serverCert = New-SelfSignedCertificate -CertStoreLocation 'Cert:\CurrentUser\My' `
+ -DnsName "otel-test-server" `
+ -Signer $ca `
+ -NotAfter (Get-Date).AddYears(20) `
+ -FriendlyName "otel-test-server" `
+ -KeyAlgorithm ECDSA_nistP256 `
+ -KeyUsageProperty All `
+ -KeyExportPolicy Exportable `
+ -KeyUsage CertSign, CRLSign, DigitalSignature `
+ -TextExtension @("2.5.29.19={text}CA=1&pathlength=1", "2.5.29.37={text}1.3.6.1.5.5.7.3.1");
+
+ try {
+ Write-Certificate -Cert $serverCert -Name "otel-test-server" -Dir $OutDir;
+
+ $clientCert = New-SelfSignedCertificate -CertStoreLocation 'Cert:\CurrentUser\My' `
+ -DnsName "otel-test-client" `
+ -Signer $ca `
+ -NotAfter (Get-Date).AddYears(20) `
+ -FriendlyName "otel-test-client" `
+ -KeyAlgorithm ECDSA_nistP256 `
+ -KeyUsageProperty All `
+ -KeyExportPolicy Exportable `
+ -KeyUsage CertSign, CRLSign, DigitalSignature `
+ -TextExtension @("2.5.29.19={text}CA=1&pathlength=1", "2.5.29.37={text}1.3.6.1.5.5.7.3.2");
+ try {
+ Write-Certificate -Cert $clientCert -Name "otel-test-client" -Dir $OutDir;
+ }
+ finally {
+ Get-Item -Path "Cert:\CurrentUser\My\$($clientCert.Thumbprint)" | Remove-Item;
+ }
+ }
+ finally {
+ Get-Item -Path "Cert:\CurrentUser\My\$($serverCert.Thumbprint)" | Remove-Item;
+ }
+}
+finally {
+ Get-Item -Path "Cert:\CurrentUser\My\$($ca.Thumbprint)" | Remove-Item;
+}
\ No newline at end of file
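Review bot: The server and client leaf certificates are created with `-KeyUsage CertSign, CRLSign, DigitalSignature` and a basic-constraints extension of `CA=1&pathlength=1`, so both test leaves are themselves CA certificates able to issue further certificates, while the `$ca` call passes no `-TextExtension` at all. gen_test_cert.sh in this same commit marks its leaves `basicConstraints = CA:FALSE`, so the two generators produce differently shaped chains and the tests may validate different things per platform. For the leaves, `-KeyUsage DigitalSignature` with a non-CA basic-constraints value would be closer to real certificates, and the `CA=1` extension belongs on the `$ca` call. In `Write-Certificate`, `[string] $pkeyPem = $null` is coerced to an empty string, so the `if ($null -eq $pkeyPem)` guard probably never fires, and `$pkey.ExportECPrivateKeyPem()` is called without checking that `GetECDsaPrivateKey` returned a key.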
diff --git a/test/OpenTelemetry.Exporter.OpenTelemetryProtocol.Tests/gen_test_cert.sh b/test/OpenTelemetry.Exporter.OpenTelemetryProtocol.Tests/gen_test_cert.sh
new file mode 100644
index 0000000000..a173c1a50e
--- /dev/null
+++ b/test/OpenTelemetry.Exporter.OpenTelemetryProtocol.Tests/gen_test_cert.sh
@@ -0,0 +1,46 @@
+# ca
+openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 \
+ -subj "/CN=otel-test-ca" \
+ -keyout $1/otel-test-ca-key.pem -out $1/otel-test-ca-cert.pem
+
+# server cert
+echo "\
+basicConstraints = CA:FALSE
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
+extendedKeyUsage = serverAuth
+" > $1/server_cert_ext.cnf;
+
+openssl req -new -newkey rsa:2048 -sha256 \
+ -keyout $1/otel-test-server-key.pem -out $1/otel-test-server-csr.pem -nodes \
+ -subj "/CN=otel-test-server"
+
+openssl x509 -req -in $1/otel-test-server-csr.pem \
+ -extfile $1/server_cert_ext.cnf \
+ -CA $1/otel-test-ca-cert.pem -CAkey $1/otel-test-ca-key.pem -CAcreateserial \
+ -out $1/otel-test-server-cert.pem \
+ -days 3650 -sha256
+
+# client cert
+echo "\
+basicConstraints = CA:FALSE
+nsCertType = client, email
+nsComment = "OpenSSL Generated Client Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
+extendedKeyUsage = clientAuth, emailProtection
+" > $1/client_cert_ext.cnf;
+
+openssl req -new -newkey rsa:2048 -sha256 \
+ -keyout $1/otel-test-client-key.pem -out $1/otel-test-client-csr.pem -nodes \
+ -subj "/CN=otel-test-client"
+
+openssl x509 -req -in $1/otel-test-client-csr.pem \
+ -extfile $1/client_cert_ext.cnf \
+ -CA $1/otel-test-server-cert.pem -CAkey $1/otel-test-server-key.pem -CAcreateserial \
+ -out $1/otel-test-client-cert.pem \
+ -days 3650 -sha256
\ No newline at end of file
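Review bot: The client certificate is signed with `-CA $1/otel-test-server-cert.pem -CAkey $1/otel-test-server-key.pem`, but the server certificate was just issued with `basicConstraints = CA:FALSE`, so a verifier that builds the chain up to otel-test-ca should reject the client certificate. gen_test_cert.ps1 signs the client with the CA, and the same is wanted here: `-CA $1/otel-test-ca-cert.pem -CAkey $1/otel-test-ca-key.pem -CAcreateserial \`. The CA is also created with `-days 365` while both leaves get `-days 3650`, so the leaves outlive their issuer. `$1` is used unquoted with no check that it was passed; `"$1"` and an early exit on an empty argument would stop the script from writing keys to `/` by accident.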