From 9b72a518f94d3a3964c3e590536b47fa407b9235 Mon Sep 17 00:00:00 2001
From: Pavol Loffay <ploffay@redhat.com>
Date: Wed, 13 May 2020 20:58:44 +0200
Subject: [PATCH] Add Jaeger receiver and exporter TLS tests (#962)

* Add Jaeger receiver and exporter TLS tests

Signed-off-by: Pavol Loffay <ploffay@redhat.com>

* Fix lint

Signed-off-by: Pavol Loffay <ploffay@redhat.com>
---
 exporter/jaegerexporter/exporter_test.go      | 107 ++++++++++++++++++
 exporter/jaegerexporter/testdata/ca.crt       |  23 ++++
 exporter/jaegerexporter/testdata/client.crt   |  18 +++
 exporter/jaegerexporter/testdata/client.key   |  15 +++
 exporter/jaegerexporter/testdata/server.crt   |  18 +++
 exporter/jaegerexporter/testdata/server.key   |  15 +++
 receiver/jaegerreceiver/jaeger_agent_test.go  |   4 +-
 receiver/jaegerreceiver/testdata/ca.crt       |  23 ++++
 receiver/jaegerreceiver/testdata/client.crt   |  18 +++
 receiver/jaegerreceiver/testdata/client.key   |  15 +++
 receiver/jaegerreceiver/testdata/server.crt   |  18 +++
 receiver/jaegerreceiver/testdata/server.key   |  15 +++
 .../jaegerreceiver/trace_receiver_test.go     |  81 +++++++++++++
 13 files changed, 368 insertions(+), 2 deletions(-)
 create mode 100644 exporter/jaegerexporter/testdata/ca.crt
 create mode 100644 exporter/jaegerexporter/testdata/client.crt
 create mode 100644 exporter/jaegerexporter/testdata/client.key
 create mode 100644 exporter/jaegerexporter/testdata/server.crt
 create mode 100644 exporter/jaegerexporter/testdata/server.key
 create mode 100644 receiver/jaegerreceiver/testdata/ca.crt
 create mode 100644 receiver/jaegerreceiver/testdata/client.crt
 create mode 100644 receiver/jaegerreceiver/testdata/client.key
 create mode 100644 receiver/jaegerreceiver/testdata/server.crt
 create mode 100644 receiver/jaegerreceiver/testdata/server.key

diff --git a/exporter/jaegerexporter/exporter_test.go b/exporter/jaegerexporter/exporter_test.go
index 5a9e5355da4..357fe5bdf3a 100644
--- a/exporter/jaegerexporter/exporter_test.go
+++ b/exporter/jaegerexporter/exporter_test.go
@@ -16,11 +16,22 @@ package jaegerexporter
 
 import (
 	"context"
+	"net"
+	"path"
+	"sync"
 	"testing"
 
+	"github.com/jaegertracing/jaeger/model"
+	"github.com/jaegertracing/jaeger/proto-gen/api_v2"
+	tracev1 "github.com/open-telemetry/opentelemetry-proto/gen/go/trace/v1"
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials"
 
+	"github.com/open-telemetry/opentelemetry-collector/component"
 	"github.com/open-telemetry/opentelemetry-collector/config/configgrpc"
+	"github.com/open-telemetry/opentelemetry-collector/consumer/pdata"
 	"github.com/open-telemetry/opentelemetry-collector/internal/data/testdata"
 )
 
@@ -164,3 +175,99 @@ func TestNew(t *testing.T) {
 		})
 	}
 }
+
+// CA key and cert
+// openssl req -new -nodes -x509 -days 9650 -keyout ca.key -out ca.crt -subj "/C=US/ST=California/L=Mountain View/O=Your Organization/OU=Your Unit/CN=localhost"
+// Server key and cert
+// openssl genrsa -des3 -out server.key 1024
+// openssl req -new -key server.key -out server.csr -subj "/C=US/ST=California/L=Mountain View/O=Your Organization/OU=Your Unit/CN=localhost"
+// openssl x509 -req -days 9650 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt
+// Client key and cert
+// openssl genrsa -des3 -out client.key 1024
+// openssl req -new -key client.key -out client.csr -subj "/C=US/ST=California/L=Mountain View/O=Your Organization/OU=Your Unit/CN=localhost"
+// openssl x509 -req -days 9650 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client.crt
+// Remove passphrase
+// openssl rsa -in server.key -out temp.key && rm server.key && mv temp.key server.key
+// openssl rsa -in client.key -out temp.key && rm client.key && mv temp.key client.key
+func TestMutualTLS(t *testing.T) {
+	caPath := path.Join(".", "testdata", "ca.crt")
+	serverCertPath := path.Join(".", "testdata", "server.crt")
+	serverKeyPath := path.Join(".", "testdata", "server.key")
+	clientCertPath := path.Join(".", "testdata", "client.crt")
+	clientKeyPath := path.Join(".", "testdata", "client.key")
+
+	// start gRPC Jaeger server
+	tlsCfgOpts := configgrpc.TLSConfig{
+		CaCert:     caPath,
+		ClientCert: serverCertPath,
+		ClientKey:  serverKeyPath,
+	}
+	tlsCfg, err := tlsCfgOpts.LoadTLSConfig()
+	require.NoError(t, err)
+	spanHandler := &mockSpanHandler{}
+	server, serverAddr := initializeGRPCTestServer(t, func(server *grpc.Server) {
+		api_v2.RegisterCollectorServiceServer(server, spanHandler)
+	}, grpc.Creds(credentials.NewTLS(tlsCfg)))
+	defer server.GracefulStop()
+
+	// Create gRPC trace exporter
+	factory := &Factory{}
+	cfg := factory.CreateDefaultConfig().(*Config)
+	cfg.GRPCSettings = configgrpc.GRPCSettings{
+		Endpoint: serverAddr.String(),
+		TLSConfig: configgrpc.TLSConfig{
+			UseSecure:          true,
+			CaCert:             caPath,
+			ClientCert:         clientCertPath,
+			ClientKey:          clientKeyPath,
+			ServerNameOverride: "localhost",
+		},
+	}
+	exporter, err := factory.CreateTraceExporter(context.Background(), component.ExporterCreateParams{}, cfg)
+	require.NoError(t, err)
+	err = exporter.Start(context.Background(), nil)
+	require.NoError(t, err)
+	defer exporter.Shutdown(context.Background())
+
+	traceID := []byte("0123456789abcdef")
+	spanID := []byte("01234567")
+	traces := pdata.TracesFromOtlp([]*tracev1.ResourceSpans{
+		{InstrumentationLibrarySpans: []*tracev1.InstrumentationLibrarySpans{{Spans: []*tracev1.Span{{TraceId: traceID, SpanId: spanID}}}}},
+	})
+	err = exporter.ConsumeTraces(context.Background(), traces)
+	require.NoError(t, err)
+	requestes := spanHandler.getRequests()
+	assert.Equal(t, 1, len(requestes))
+	jTraceID, err := model.TraceIDFromBytes(traceID)
+	require.NoError(t, err)
+	assert.Equal(t, jTraceID, requestes[0].GetBatch().Spans[0].TraceID)
+}
+
+func initializeGRPCTestServer(t *testing.T, beforeServe func(server *grpc.Server), opts ...grpc.ServerOption) (*grpc.Server, net.Addr) {
+	server := grpc.NewServer(opts...)
+	lis, err := net.Listen("tcp", "localhost:0")
+	require.NoError(t, err)
+	beforeServe(server)
+	go func() {
+		require.NoError(t, server.Serve(lis))
+	}()
+	return server, lis.Addr()
+}
+
+type mockSpanHandler struct {
+	mux      sync.Mutex
+	requests []*api_v2.PostSpansRequest
+}
+
+func (h *mockSpanHandler) getRequests() []*api_v2.PostSpansRequest {
+	h.mux.Lock()
+	defer h.mux.Unlock()
+	return h.requests
+}
+
+func (h *mockSpanHandler) PostSpans(_ context.Context, r *api_v2.PostSpansRequest) (*api_v2.PostSpansResponse, error) {
+	h.mux.Lock()
+	defer h.mux.Unlock()
+	h.requests = append(h.requests, r)
+	return &api_v2.PostSpansResponse{}, nil
+}
diff --git a/exporter/jaegerexporter/testdata/ca.crt b/exporter/jaegerexporter/testdata/ca.crt
new file mode 100644
index 00000000000..592993c8ced
--- /dev/null
+++ b/exporter/jaegerexporter/testdata/ca.crt
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID3TCCAsWgAwIBAgIUNTVp7u2jqu+nCZbTtHNihE2mFLcwDQYJKoZIhvcNAQEL
+BQAwfjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcM
+DU1vdW50YWluIFZpZXcxGjAYBgNVBAoMEVlvdXIgT3JnYW5pemF0aW9uMRIwEAYD
+VQQLDAlZb3VyIFVuaXQxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0yMDA1MTMxNDEz
+MzNaFw00NjEwMTQxNDEzMzNaMH4xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxp
+Zm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MRowGAYDVQQKDBFZb3VyIE9y
+Z2FuaXphdGlvbjESMBAGA1UECwwJWW91ciBVbml0MRIwEAYDVQQDDAlsb2NhbGhv
+c3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/8S2PdY/icKqALehp
+qD3fJ8vb/JjXBSxWVRoE/do90Bab7ld5QUBhkWo+nCRMOPOgRJokHeHL8tEhefTy
+nK58tNgmRtv7LaULw+FADWnGb+J/LjAyb+naB4hsH7yBYjEz+cbeXQNH46DyfiQ6
+tcOjWHGWonw2k7RU/QwDMc8IusUpebK5ebC/dYNaviWa5lozCgyGPM4dg7+HxTZA
+7vaVqtzgK3oaoukj+/lHkDVCwWV3gSoZLz+9C93TqvRPxaW7tNXsMfVZT54peO9u
+ee5bAZec7ha+IoSdGCS4DNX58eJXJc2OYFXo+6u9FewcqDU5nRKpDBSuld30P8t5
+hbShAgMBAAGjUzBRMB0GA1UdDgQWBBQ2xsEER2LQWXC0yUYhGMn7Cj5+XzAfBgNV
+HSMEGDAWgBQ2xsEER2LQWXC0yUYhGMn7Cj5+XzAPBgNVHRMBAf8EBTADAQH/MA0G
+CSqGSIb3DQEBCwUAA4IBAQArJstEh6SJ8r5AAs6uGEEAlcsoUFFNRoRHa7qAFzy6
+zU7kuGkPjh8heQ0Hy6cosdHnN+hPDtjX2rwWWNLGcQzYkZ2/ycYeKFpq4kDAOz7V
+3KC1gt7KekmQMIOPqVW5Xb2HvHWYjg9VvYyFgwv/tm2kcaRaEuwdMfjvN1wTttKL
+9nNGC/IKrjxafr/1bWMB+869Dqba9rm9Z3yfNSF6ulFfDj3aHRQj8ToMzlk/RUH4
+7GTI6biCGl/h1I53Q4dZ793b9q3OIK6z+ztDqjT3bdKFCewdhONIH9CtuI+LlrUm
+FsXrc1M0ObwheiW8QxK7oROOwIDgCTSZJLKv5+8jCazt
+-----END CERTIFICATE-----
diff --git a/exporter/jaegerexporter/testdata/client.crt b/exporter/jaegerexporter/testdata/client.crt
new file mode 100644
index 00000000000..a494ed4830f
--- /dev/null
+++ b/exporter/jaegerexporter/testdata/client.crt
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC7DCCAdQCAQEwDQYJKoZIhvcNAQELBQAwfjELMAkGA1UEBhMCVVMxEzARBgNV
+BAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxGjAYBgNVBAoM
+EVlvdXIgT3JnYW5pemF0aW9uMRIwEAYDVQQLDAlZb3VyIFVuaXQxEjAQBgNVBAMM
+CWxvY2FsaG9zdDAeFw0yMDA1MTMxNDI4MzRaFw00NjEwMTQxNDI4MzRaMH4xCzAJ
+BgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFp
+biBWaWV3MRowGAYDVQQKDBFZb3VyIE9yZ2FuaXphdGlvbjESMBAGA1UECwwJWW91
+ciBVbml0MRIwEAYDVQQDDAlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
+MIGJAoGBAKqklQUlHrs8qVwHvedr36b5yu8bJqzx4RKHL37CKdMA4FbmmnKz/JjK
+9UKqTWWPWnG9HZ26jwTehfEPDN56qODvGYwwvYywgy0iWXhcnsrM3PnC7S2nXyAm
+joMD1thBcXpWqLFMuyAiGqwRFZYheEvUlspbxDZEdlXmZkNg3G4fAgMBAAEwDQYJ
+KoZIhvcNAQELBQADggEBAIekrxrjEM7udCZuECPQDPY1+d1m9843pcztO5O/0Ru+
+8dFLKya3VoLBHBf8WYClBd8loLO6tw3qBEJKJRH6UscCiSP8JFcoHiCVogHOiMYx
+g5ECbXSjnul5b6j/7O7OHQ+CDxcf79AzezHZb3WcxH3b8ljSxn66GvYb1ANmKUt6
+Am2i+vsTQgcJ8TX/QpsJPaVhgic+3G0cZkLnDoxKW/xjKU6Dsba9u0b8JpO55PDO
+EEvHkz4T8czJTrIqJs+KK9omY2U8o+PQjnAiEdq8UTK9g0V1SsEBnfPmaIKgg9l8
+vbWd7N38Krg9NZMWqWWufXg9+1VJJplXmnMSP16NiMg=
+-----END CERTIFICATE-----
diff --git a/exporter/jaegerexporter/testdata/client.key b/exporter/jaegerexporter/testdata/client.key
new file mode 100644
index 00000000000..98aff57f1f9
--- /dev/null
+++ b/exporter/jaegerexporter/testdata/client.key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICWwIBAAKBgQCqpJUFJR67PKlcB73na9+m+crvGyas8eEShy9+winTAOBW5ppy
+s/yYyvVCqk1lj1pxvR2duo8E3oXxDwzeeqjg7xmMML2MsIMtIll4XJ7KzNz5wu0t
+p18gJo6DA9bYQXF6VqixTLsgIhqsERWWIXhL1JbKW8Q2RHZV5mZDYNxuHwIDAQAB
+AoGATzIzN0ATEzMEJwIw0Mbv9b7YwEAJoxpfKwoysNHMN3GgrLQ52iJOiVsomNgR
+M6FkiIUMybdbyRa9czNY9ahX18sdNWAPZVM97z0lpAF9EfsYqBHtz6HrzBvC0Pyd
+bDhAaWI8JSTioAYXupOPpsPTVrF3jgN4587aEz/qLU6OP4ECQQDSkrp4f46Masqh
+lx68KBe6823oU7cQBv4VjjRJRmslq3kERxf5gdfyfv6W69FWk12cqw1W7WgfRCc0
+/0TSj2hLAkEAz3SinA6LhJ+RivPlwQs09DI9QSpZxmGThrVTcmWHL5kDUcvJy9Gu
+umIrbfUHBNmqK/NItZjmDPC3kG5KKiWU/QJAS1iJNHif7wp/Otax/q1x4EkeOJVL
+2YZHADuD5fw2dqImiStPHs4hEPnz6tiybQIJ6vchrMsCCL4AMWxtmdIKhQJAY65F
+W/rZKvaJNl0O7nz2CsgBCsjQrjPAcR+7YuJJ3KMHJ0xmQBsWe9QjzgfIQZpc3BVf
+wHIhR+J6MVntJOc9+QJAGwPIhmWU6TYgJ/R7usiNwzIdG+XMcw9ySVgICDhs3Gea
+PrcdkrTt9DG9MPwXaCHD7PB+3w0D3VaaRsUIotXP0A==
+-----END RSA PRIVATE KEY-----
diff --git a/exporter/jaegerexporter/testdata/server.crt b/exporter/jaegerexporter/testdata/server.crt
new file mode 100644
index 00000000000..b1e3f178c6f
--- /dev/null
+++ b/exporter/jaegerexporter/testdata/server.crt
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC7DCCAdQCAQEwDQYJKoZIhvcNAQELBQAwfjELMAkGA1UEBhMCVVMxEzARBgNV
+BAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxGjAYBgNVBAoM
+EVlvdXIgT3JnYW5pemF0aW9uMRIwEAYDVQQLDAlZb3VyIFVuaXQxEjAQBgNVBAMM
+CWxvY2FsaG9zdDAeFw0yMDA1MTMxNDI2NTNaFw00NjEwMTQxNDI2NTNaMH4xCzAJ
+BgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFp
+biBWaWV3MRowGAYDVQQKDBFZb3VyIE9yZ2FuaXphdGlvbjESMBAGA1UECwwJWW91
+ciBVbml0MRIwEAYDVQQDDAlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
+MIGJAoGBAMvNgDMuMr7bz260Mlq6jSjxxzgPCRsQMsehoCa0q9PIkq8Tp6mFyody
+lKFu/oEZLreFmUZuZ0rzNoSf62MKVhKZE0s0Cq91m97ExIHW3NRhkS9IRj7cDJ1A
+ToQHlhxaOeMKEfnSJlymQnZNGVV79EcQDM36bfQPbTqRUeM9vWE1AgMBAAEwDQYJ
+KoZIhvcNAQELBQADggEBABgE3vf7vwUYmshpvK/xKGIpTmqFRA9gyh7o++C+KUoL
+eD4bz9NlxVk5bO8usPmuWo/MM8EIPWAc3RMsMHBQy6/87cP0wuolYkMrj2F5Mpc1
+vE6WRrFhxqNmnA1G5XhPmxcI29N6z6pc6TeOEuUe2/ywzSNhNUMCUf1NebzD9GMp
+4oQx5lcvsRmXaya7gSfDvoWi2Gd6v5qrYk3/enppNOu49h2THK+d4Ycmm/eG9883
+xaqTE+1lAJfSnM0Bsjso3SZfocOtW3yUk5JoEIRG4Prjv6gFPLvb0/OHLEYBlqGU
+Qw5MzYFmPJWGR7IKAs6Kkr2VxT7XUp7iYQAN5QyliGY=
+-----END CERTIFICATE-----
diff --git a/exporter/jaegerexporter/testdata/server.key b/exporter/jaegerexporter/testdata/server.key
new file mode 100644
index 00000000000..4652d4b5332
--- /dev/null
+++ b/exporter/jaegerexporter/testdata/server.key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXgIBAAKBgQDLzYAzLjK+289utDJauo0o8cc4DwkbEDLHoaAmtKvTyJKvE6ep
+hcqHcpShbv6BGS63hZlGbmdK8zaEn+tjClYSmRNLNAqvdZvexMSB1tzUYZEvSEY+
+3AydQE6EB5YcWjnjChH50iZcpkJ2TRlVe/RHEAzN+m30D206kVHjPb1hNQIDAQAB
+AoGBAKLQNU6t5ZRb/kcuZdvdlM/U95ZtTJT2R9r73/mL9IlofuanCRaA799tRhgB
+mAiCmbO7Y0vE/3f8/NzO9TlWFJOxACPliJgq/+HgdMGxXzRT6SLsNcxuWLYyEPAd
+/6DheLnZj4bwm1voi72tCvyMmndCNM6HzHzr6+u3j4ASRbgxAkEA9kwS2x/OLcm9
+j1QHpvBczrWrZya0PfpoVq8UC91Y0lJQELpSJiGfQRPS3eZeYb2+gd7KFiaQ/7c7
+WxhkQHzXkwJBANPU3hO8rLql4mKvRNJLEBMsTA2Ycstr5h4kMHF274grqQZSjDsY
+udsK+Pqgsx6PT0j7VfSxctzQ2jW4S4W90RcCQQDVbqcIbE9nLmOuSMs4xyIlnxih
+ktCuxMiWFbHxdib6W4o2dL+re4deBae901wGpz7nnADToSgV8Nrm3gRCPe0xAkAS
+1zsNXFmsnDZ/eoFPhveeDPGSv/1t1GH6SlO4s9BoNyHoew0X8IIPVnGAsSxdSnfN
+0PT7N5E0zKqr3oFxGsnvAkEAxga1mI8hg5xIkPvgaVn7Mtv8sVpXLJlQ0waWB1Q9
+tWJ7B53d+StEirPo4M4fug7LO12onuHaB/WpaEFh8Eftkg==
+-----END RSA PRIVATE KEY-----
diff --git a/receiver/jaegerreceiver/jaeger_agent_test.go b/receiver/jaegerreceiver/jaeger_agent_test.go
index 815a33d018b..263d060d475 100644
--- a/receiver/jaegerreceiver/jaeger_agent_test.go
+++ b/receiver/jaegerreceiver/jaeger_agent_test.go
@@ -111,8 +111,8 @@ func TestJaegerAgentUDP_ThriftBinary_InvalidPort(t *testing.T) {
 	jr.Shutdown(context.Background())
 }
 
-func initializeGRPCTestServer(t *testing.T, beforeServe func(server *grpc.Server)) (*grpc.Server, net.Addr) {
-	server := grpc.NewServer()
+func initializeGRPCTestServer(t *testing.T, beforeServe func(server *grpc.Server), opts ...grpc.ServerOption) (*grpc.Server, net.Addr) {
+	server := grpc.NewServer(opts...)
 	lis, err := net.Listen("tcp", "localhost:0")
 	require.NoError(t, err)
 	beforeServe(server)
diff --git a/receiver/jaegerreceiver/testdata/ca.crt b/receiver/jaegerreceiver/testdata/ca.crt
new file mode 100644
index 00000000000..592993c8ced
--- /dev/null
+++ b/receiver/jaegerreceiver/testdata/ca.crt
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID3TCCAsWgAwIBAgIUNTVp7u2jqu+nCZbTtHNihE2mFLcwDQYJKoZIhvcNAQEL
+BQAwfjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcM
+DU1vdW50YWluIFZpZXcxGjAYBgNVBAoMEVlvdXIgT3JnYW5pemF0aW9uMRIwEAYD
+VQQLDAlZb3VyIFVuaXQxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0yMDA1MTMxNDEz
+MzNaFw00NjEwMTQxNDEzMzNaMH4xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxp
+Zm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MRowGAYDVQQKDBFZb3VyIE9y
+Z2FuaXphdGlvbjESMBAGA1UECwwJWW91ciBVbml0MRIwEAYDVQQDDAlsb2NhbGhv
+c3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/8S2PdY/icKqALehp
+qD3fJ8vb/JjXBSxWVRoE/do90Bab7ld5QUBhkWo+nCRMOPOgRJokHeHL8tEhefTy
+nK58tNgmRtv7LaULw+FADWnGb+J/LjAyb+naB4hsH7yBYjEz+cbeXQNH46DyfiQ6
+tcOjWHGWonw2k7RU/QwDMc8IusUpebK5ebC/dYNaviWa5lozCgyGPM4dg7+HxTZA
+7vaVqtzgK3oaoukj+/lHkDVCwWV3gSoZLz+9C93TqvRPxaW7tNXsMfVZT54peO9u
+ee5bAZec7ha+IoSdGCS4DNX58eJXJc2OYFXo+6u9FewcqDU5nRKpDBSuld30P8t5
+hbShAgMBAAGjUzBRMB0GA1UdDgQWBBQ2xsEER2LQWXC0yUYhGMn7Cj5+XzAfBgNV
+HSMEGDAWgBQ2xsEER2LQWXC0yUYhGMn7Cj5+XzAPBgNVHRMBAf8EBTADAQH/MA0G
+CSqGSIb3DQEBCwUAA4IBAQArJstEh6SJ8r5AAs6uGEEAlcsoUFFNRoRHa7qAFzy6
+zU7kuGkPjh8heQ0Hy6cosdHnN+hPDtjX2rwWWNLGcQzYkZ2/ycYeKFpq4kDAOz7V
+3KC1gt7KekmQMIOPqVW5Xb2HvHWYjg9VvYyFgwv/tm2kcaRaEuwdMfjvN1wTttKL
+9nNGC/IKrjxafr/1bWMB+869Dqba9rm9Z3yfNSF6ulFfDj3aHRQj8ToMzlk/RUH4
+7GTI6biCGl/h1I53Q4dZ793b9q3OIK6z+ztDqjT3bdKFCewdhONIH9CtuI+LlrUm
+FsXrc1M0ObwheiW8QxK7oROOwIDgCTSZJLKv5+8jCazt
+-----END CERTIFICATE-----
diff --git a/receiver/jaegerreceiver/testdata/client.crt b/receiver/jaegerreceiver/testdata/client.crt
new file mode 100644
index 00000000000..a494ed4830f
--- /dev/null
+++ b/receiver/jaegerreceiver/testdata/client.crt
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC7DCCAdQCAQEwDQYJKoZIhvcNAQELBQAwfjELMAkGA1UEBhMCVVMxEzARBgNV
+BAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxGjAYBgNVBAoM
+EVlvdXIgT3JnYW5pemF0aW9uMRIwEAYDVQQLDAlZb3VyIFVuaXQxEjAQBgNVBAMM
+CWxvY2FsaG9zdDAeFw0yMDA1MTMxNDI4MzRaFw00NjEwMTQxNDI4MzRaMH4xCzAJ
+BgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFp
+biBWaWV3MRowGAYDVQQKDBFZb3VyIE9yZ2FuaXphdGlvbjESMBAGA1UECwwJWW91
+ciBVbml0MRIwEAYDVQQDDAlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
+MIGJAoGBAKqklQUlHrs8qVwHvedr36b5yu8bJqzx4RKHL37CKdMA4FbmmnKz/JjK
+9UKqTWWPWnG9HZ26jwTehfEPDN56qODvGYwwvYywgy0iWXhcnsrM3PnC7S2nXyAm
+joMD1thBcXpWqLFMuyAiGqwRFZYheEvUlspbxDZEdlXmZkNg3G4fAgMBAAEwDQYJ
+KoZIhvcNAQELBQADggEBAIekrxrjEM7udCZuECPQDPY1+d1m9843pcztO5O/0Ru+
+8dFLKya3VoLBHBf8WYClBd8loLO6tw3qBEJKJRH6UscCiSP8JFcoHiCVogHOiMYx
+g5ECbXSjnul5b6j/7O7OHQ+CDxcf79AzezHZb3WcxH3b8ljSxn66GvYb1ANmKUt6
+Am2i+vsTQgcJ8TX/QpsJPaVhgic+3G0cZkLnDoxKW/xjKU6Dsba9u0b8JpO55PDO
+EEvHkz4T8czJTrIqJs+KK9omY2U8o+PQjnAiEdq8UTK9g0V1SsEBnfPmaIKgg9l8
+vbWd7N38Krg9NZMWqWWufXg9+1VJJplXmnMSP16NiMg=
+-----END CERTIFICATE-----
diff --git a/receiver/jaegerreceiver/testdata/client.key b/receiver/jaegerreceiver/testdata/client.key
new file mode 100644
index 00000000000..98aff57f1f9
--- /dev/null
+++ b/receiver/jaegerreceiver/testdata/client.key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICWwIBAAKBgQCqpJUFJR67PKlcB73na9+m+crvGyas8eEShy9+winTAOBW5ppy
+s/yYyvVCqk1lj1pxvR2duo8E3oXxDwzeeqjg7xmMML2MsIMtIll4XJ7KzNz5wu0t
+p18gJo6DA9bYQXF6VqixTLsgIhqsERWWIXhL1JbKW8Q2RHZV5mZDYNxuHwIDAQAB
+AoGATzIzN0ATEzMEJwIw0Mbv9b7YwEAJoxpfKwoysNHMN3GgrLQ52iJOiVsomNgR
+M6FkiIUMybdbyRa9czNY9ahX18sdNWAPZVM97z0lpAF9EfsYqBHtz6HrzBvC0Pyd
+bDhAaWI8JSTioAYXupOPpsPTVrF3jgN4587aEz/qLU6OP4ECQQDSkrp4f46Masqh
+lx68KBe6823oU7cQBv4VjjRJRmslq3kERxf5gdfyfv6W69FWk12cqw1W7WgfRCc0
+/0TSj2hLAkEAz3SinA6LhJ+RivPlwQs09DI9QSpZxmGThrVTcmWHL5kDUcvJy9Gu
+umIrbfUHBNmqK/NItZjmDPC3kG5KKiWU/QJAS1iJNHif7wp/Otax/q1x4EkeOJVL
+2YZHADuD5fw2dqImiStPHs4hEPnz6tiybQIJ6vchrMsCCL4AMWxtmdIKhQJAY65F
+W/rZKvaJNl0O7nz2CsgBCsjQrjPAcR+7YuJJ3KMHJ0xmQBsWe9QjzgfIQZpc3BVf
+wHIhR+J6MVntJOc9+QJAGwPIhmWU6TYgJ/R7usiNwzIdG+XMcw9ySVgICDhs3Gea
+PrcdkrTt9DG9MPwXaCHD7PB+3w0D3VaaRsUIotXP0A==
+-----END RSA PRIVATE KEY-----
diff --git a/receiver/jaegerreceiver/testdata/server.crt b/receiver/jaegerreceiver/testdata/server.crt
new file mode 100644
index 00000000000..b1e3f178c6f
--- /dev/null
+++ b/receiver/jaegerreceiver/testdata/server.crt
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC7DCCAdQCAQEwDQYJKoZIhvcNAQELBQAwfjELMAkGA1UEBhMCVVMxEzARBgNV
+BAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxGjAYBgNVBAoM
+EVlvdXIgT3JnYW5pemF0aW9uMRIwEAYDVQQLDAlZb3VyIFVuaXQxEjAQBgNVBAMM
+CWxvY2FsaG9zdDAeFw0yMDA1MTMxNDI2NTNaFw00NjEwMTQxNDI2NTNaMH4xCzAJ
+BgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFp
+biBWaWV3MRowGAYDVQQKDBFZb3VyIE9yZ2FuaXphdGlvbjESMBAGA1UECwwJWW91
+ciBVbml0MRIwEAYDVQQDDAlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
+MIGJAoGBAMvNgDMuMr7bz260Mlq6jSjxxzgPCRsQMsehoCa0q9PIkq8Tp6mFyody
+lKFu/oEZLreFmUZuZ0rzNoSf62MKVhKZE0s0Cq91m97ExIHW3NRhkS9IRj7cDJ1A
+ToQHlhxaOeMKEfnSJlymQnZNGVV79EcQDM36bfQPbTqRUeM9vWE1AgMBAAEwDQYJ
+KoZIhvcNAQELBQADggEBABgE3vf7vwUYmshpvK/xKGIpTmqFRA9gyh7o++C+KUoL
+eD4bz9NlxVk5bO8usPmuWo/MM8EIPWAc3RMsMHBQy6/87cP0wuolYkMrj2F5Mpc1
+vE6WRrFhxqNmnA1G5XhPmxcI29N6z6pc6TeOEuUe2/ywzSNhNUMCUf1NebzD9GMp
+4oQx5lcvsRmXaya7gSfDvoWi2Gd6v5qrYk3/enppNOu49h2THK+d4Ycmm/eG9883
+xaqTE+1lAJfSnM0Bsjso3SZfocOtW3yUk5JoEIRG4Prjv6gFPLvb0/OHLEYBlqGU
+Qw5MzYFmPJWGR7IKAs6Kkr2VxT7XUp7iYQAN5QyliGY=
+-----END CERTIFICATE-----
diff --git a/receiver/jaegerreceiver/testdata/server.key b/receiver/jaegerreceiver/testdata/server.key
new file mode 100644
index 00000000000..4652d4b5332
--- /dev/null
+++ b/receiver/jaegerreceiver/testdata/server.key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXgIBAAKBgQDLzYAzLjK+289utDJauo0o8cc4DwkbEDLHoaAmtKvTyJKvE6ep
+hcqHcpShbv6BGS63hZlGbmdK8zaEn+tjClYSmRNLNAqvdZvexMSB1tzUYZEvSEY+
+3AydQE6EB5YcWjnjChH50iZcpkJ2TRlVe/RHEAzN+m30D206kVHjPb1hNQIDAQAB
+AoGBAKLQNU6t5ZRb/kcuZdvdlM/U95ZtTJT2R9r73/mL9IlofuanCRaA799tRhgB
+mAiCmbO7Y0vE/3f8/NzO9TlWFJOxACPliJgq/+HgdMGxXzRT6SLsNcxuWLYyEPAd
+/6DheLnZj4bwm1voi72tCvyMmndCNM6HzHzr6+u3j4ASRbgxAkEA9kwS2x/OLcm9
+j1QHpvBczrWrZya0PfpoVq8UC91Y0lJQELpSJiGfQRPS3eZeYb2+gd7KFiaQ/7c7
+WxhkQHzXkwJBANPU3hO8rLql4mKvRNJLEBMsTA2Ycstr5h4kMHF274grqQZSjDsY
+udsK+Pqgsx6PT0j7VfSxctzQ2jW4S4W90RcCQQDVbqcIbE9nLmOuSMs4xyIlnxih
+ktCuxMiWFbHxdib6W4o2dL+re4deBae901wGpz7nnADToSgV8Nrm3gRCPe0xAkAS
+1zsNXFmsnDZ/eoFPhveeDPGSv/1t1GH6SlO4s9BoNyHoew0X8IIPVnGAsSxdSnfN
+0PT7N5E0zKqr3oFxGsnvAkEAxga1mI8hg5xIkPvgaVn7Mtv8sVpXLJlQ0waWB1Q9
+tWJ7B53d+StEirPo4M4fug7LO12onuHaB/WpaEFh8Eftkg==
+-----END RSA PRIVATE KEY-----
diff --git a/receiver/jaegerreceiver/trace_receiver_test.go b/receiver/jaegerreceiver/trace_receiver_test.go
index 04be8a8142f..2c039b24600 100644
--- a/receiver/jaegerreceiver/trace_receiver_test.go
+++ b/receiver/jaegerreceiver/trace_receiver_test.go
@@ -19,6 +19,7 @@ import (
 	"context"
 	"encoding/binary"
 	"fmt"
+	"io/ioutil"
 	"net"
 	"net/http"
 	"net/http/httptest"
@@ -28,7 +29,9 @@ import (
 
 	"contrib.go.opencensus.io/exporter/jaeger"
 	"github.com/apache/thrift/lib/go/thrift"
+	collectorSampling "github.com/jaegertracing/jaeger/cmd/collector/app/sampling"
 	"github.com/jaegertracing/jaeger/model"
+	staticStrategyStore "github.com/jaegertracing/jaeger/plugin/sampling/strategystore/static"
 	"github.com/jaegertracing/jaeger/proto-gen/api_v2"
 	tJaeger "github.com/jaegertracing/jaeger/thrift-gen/jaeger"
 	otlptrace "github.com/open-telemetry/opentelemetry-proto/gen/go/trace/v1"
@@ -42,6 +45,8 @@ import (
 	"github.com/open-telemetry/opentelemetry-collector/client"
 	"github.com/open-telemetry/opentelemetry-collector/component"
 	"github.com/open-telemetry/opentelemetry-collector/component/componenttest"
+	"github.com/open-telemetry/opentelemetry-collector/config/configgrpc"
+	"github.com/open-telemetry/opentelemetry-collector/config/configmodels"
 	"github.com/open-telemetry/opentelemetry-collector/consumer/pdata"
 	"github.com/open-telemetry/opentelemetry-collector/exporter/exportertest"
 	"github.com/open-telemetry/opentelemetry-collector/receiver"
@@ -536,3 +541,79 @@ func TestSamplingFailsOnBadFile(t *testing.T) {
 	defer jr.Shutdown(context.Background())
 	assert.Error(t, jr.Start(context.Background(), componenttest.NewNopHost()))
 }
+
+func TestSamplingStrategiesMutualTLS(t *testing.T) {
+	caPath := path.Join(".", "testdata", "ca.crt")
+	serverCertPath := path.Join(".", "testdata", "server.crt")
+	serverKeyPath := path.Join(".", "testdata", "server.key")
+	clientCertPath := path.Join(".", "testdata", "client.crt")
+	clientKeyPath := path.Join(".", "testdata", "client.key")
+
+	// start gRPC server that serves sampling strategies
+	tlsCfgOpts := configgrpc.TLSConfig{
+		CaCert:     caPath,
+		ClientCert: serverCertPath,
+		ClientKey:  serverKeyPath,
+	}
+	tlsCfg, err := tlsCfgOpts.LoadTLSConfig()
+	require.NoError(t, err)
+	server, serverAddr := initializeGRPCTestServer(t, func(s *grpc.Server) {
+		ss, serr := staticStrategyStore.NewStrategyStore(staticStrategyStore.Options{
+			StrategiesFile: path.Join(".", "testdata", "strategies.json"),
+		}, zap.NewNop())
+		require.NoError(t, serr)
+		api_v2.RegisterSamplingManagerServer(s, collectorSampling.NewGRPCHandler(ss))
+	}, grpc.Creds(credentials.NewTLS(tlsCfg)))
+	defer server.GracefulStop()
+
+	// Create sampling strategies receiver
+	port, err := randomAvailablePort()
+	require.NoError(t, err)
+	hostEndpoint := fmt.Sprintf("localhost:%d", port)
+	factory := &Factory{}
+	cfg := factory.CreateDefaultConfig().(*Config)
+	cfg.RemoteSampling = &RemoteSamplingConfig{
+		GRPCSettings: configgrpc.GRPCSettings{
+			TLSConfig: configgrpc.TLSConfig{
+				UseSecure:          true,
+				CaCert:             caPath,
+				ClientCert:         clientCertPath,
+				ClientKey:          clientKeyPath,
+				ServerNameOverride: "localhost",
+			},
+			Endpoint: serverAddr.String(),
+		},
+		HostEndpoint: hostEndpoint,
+	}
+	// at least one protocol has to be enabled
+	thriftHTTPPort, err := randomAvailablePort()
+	require.NoError(t, err)
+	cfg.Protocols = map[string]*receiver.SecureReceiverSettings{
+		"thrift_http": {ReceiverSettings: configmodels.ReceiverSettings{
+			Endpoint: fmt.Sprintf("localhost:%d", thriftHTTPPort),
+		}},
+	}
+	exp, err := factory.CreateTraceReceiver(context.Background(), component.ReceiverCreateParams{Logger: zap.NewNop()}, cfg, exportertest.NewNopTraceExporter())
+	require.NoError(t, err)
+	host := &componenttest.ErrorWaitingHost{}
+	err = exp.Start(context.Background(), host)
+	require.NoError(t, err)
+	defer exp.Shutdown(context.Background())
+	_, err = host.WaitForFatalError(200 * time.Millisecond)
+	require.NoError(t, err)
+
+	resp, err := http.Get(fmt.Sprintf("http://%s?service=bar", hostEndpoint))
+	require.NoError(t, err)
+	bodyBytes, err := ioutil.ReadAll(resp.Body)
+	require.NoError(t, err)
+	assert.Contains(t, "{\"strategyType\":1,\"rateLimitingSampling\":{\"maxTracesPerSecond\":5}}", string(bodyBytes))
+}
+
+func randomAvailablePort() (int, error) {
+	listener, err := net.Listen("tcp", ":0")
+	if err != nil {
+		return 0, err
+	}
+	defer listener.Close()
+	return listener.Addr().(*net.TCPAddr).Port, nil
+}