package tests
import (
	"crypto"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"io/ioutil"
	"time"

	"github.com/cloudflare/cfssl/helpers"
	"github.com/cloudflare/cfssl/helpers/derhelpers"
	"github.com/cloudflare/cfssl/log"
	"github.com/cloudflare/gokeyless"
	"github.com/cloudflare/gokeyless/client"
	"github.com/cloudflare/gokeyless/server"
)
// Fixture paths and addresses shared by the tests in this package. All
// files live under testdata relative to the package directory.

// Material handed to server.NewServerFromFile in init: the keyserver's own
// certificate and key, the CA bundle it is configured with, and the address
// it listens on.
const (
	serverCert = "testdata/server.pem"
	serverKey  = "testdata/server-key.pem"
	keylessCA  = "testdata/ca.pem"
	serverAddr = "localhost:3407"
)

// Private-key fixtures named for use by tests in this package.
const (
	rsaPrivKey   = "testdata/rsa.key"
	ecdsaPrivKey = "testdata/ecdsa.key"
)

// Material handed to client.NewClientFromFile in init, plus the public keys
// that NewRemoteSignerByPubKeyFile turns into remote-backed signers.
const (
	clientCert  = "testdata/client.pem"
	clientKey   = "testdata/client-key.pem"
	keyserverCA = "testdata/ca.pem" // same file as keylessCA
	rsaPubKey   = "testdata/rsa.pubkey"
	ecdsaPubKey = "testdata/ecdsa.pubkey"
)
// s is the keyless server the tests talk to; it is built and started in init.
var s *server.Server

// c is the client paired with s; init sets its DefaultRemote to remote.
var c *client.Client

// rsaKey and ecdsaKey are the remote-backed keys init registers with c via
// NewRemoteSignerByPubKeyFile. Their concrete types are fixed by the type
// assertions in init.
var (
	rsaKey   *client.Decrypter
	ecdsaKey *client.PrivateKey
)

// remote is the entry c.LookupServer returned for serverAddr.
var remote client.Remote
// dummyGetCertificate stands in for a server GetCertificate callback. It
// returns the static test certificate at serverCert and, when the request
// payload is exactly "slow", first sleeps for one second to simulate
// backend latency. The certificate path is a fixed constant and never
// derived from the request.
func dummyGetCertificate(op *gokeyless.Operation) ([]byte, error) {
	const slowMarker = "slow"
	wantDelay := string(op.Payload) == slowMarker
	if wantDelay {
		// Simulated latency hook for tests.
		time.Sleep(time.Second)
	}
	cert, err := ioutil.ReadFile(serverCert)
	return cert, err
}
// LoadKey parses a private key given either as PEM or as raw DER. PEM is
// tried first; if that fails the input is handed to the DER parser and its
// result (key or error) is returned unchanged, so a PEM parse error is never
// surfaced to the caller.
func LoadKey(in []byte) (priv crypto.Signer, err error) {
	if pemKey, pemErr := helpers.ParsePrivateKeyPEM(in); pemErr == nil {
		return pemKey, nil
	}
	return derhelpers.ParsePrivateKeyDER(in)
}
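// NewRemoteSignerByPubKeyFile reads a PEM-encoded PKIX public key from
// filepath and asks the package-level client c for a remote signer backed by
// that key.
//
// It returns an error when the file cannot be read, when it contains no PEM
// block, when the PEM body is not a parseable PKIX public key, or when the
// client refuses to create the signer.
func NewRemoteSignerByPubKeyFile(filepath string) (crypto.Signer, error) {
	pemBytes, err := ioutil.ReadFile(filepath)
	if err != nil {
		return nil, err
	}
	// pem.Decode returns a nil block when the input holds no PEM data;
	// dereferencing it unchecked panics on an empty or non-PEM file.
	block, _ := pem.Decode(pemBytes)
	if block == nil {
		return nil, fmt.Errorf("no PEM block found in %q", filepath)
	}
	pub, err := x509.ParsePKIXPublicKey(block.Bytes)
	if err != nil {
		return nil, err
	}
	// Named signer rather than s so it does not shadow the package-level server.
	signer, err := c.NewRemoteSignerByPublicKey("", pub)
	if err != nil {
		return nil, err
	}
	return signer, nil
}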
// init builds a keyless server and a matching client so that every test in
// the package can use the package-level s, c, remote, rsaKey and ecdsaKey.
// Any setup failure is fatal for the whole test binary.
func init() {
	var err error
	// Only fatal cfssl log output is shown while tests run.
	log.Level = log.LevelFatal
	s, err = server.NewServerFromFile(serverCert, serverKey, keylessCA, serverAddr, "")
	if err != nil {
		log.Fatal(err)
	}
	keys := server.NewDefaultKeystore()
	// NOTE(review): no result of LoadKeysFromDir is checked here, so a missing
	// or malformed key under testdata would only show up later as a failing
	// test — confirm whether this method reports an error and, if so, check it.
	keys.LoadKeysFromDir("testdata", LoadKey)
	s.Keys = keys
	s.GetCertificate = dummyGetCertificate
	listening := make(chan bool)
	go func() {
		// NOTE(review): the signal is sent before ListenAndServe has bound the
		// socket, so the client setup below can run before the server is
		// actually accepting connections — TODO confirm this window is harmless
		// (e.g. LookupServer tolerates it) or move the signal after the bind.
		listening <- true
		if err := s.ListenAndServe(); err != nil {
			log.Fatal(err)
		}
	}()
	<-listening
	c, err = client.NewClientFromFile(clientCert, clientKey, keyserverCA)
	if err != nil {
		log.Fatal(err)
	}
	remote, err = c.LookupServer(serverAddr)
	if err != nil {
		log.Fatal(err)
	}
	// Make the test server the client's default remote.
	c.DefaultRemote = remote
	privKey, err := NewRemoteSignerByPubKeyFile(rsaPubKey)
	if err != nil {
		log.Fatal(err)
	}
	// The RSA key must come back as a *client.Decrypter; anything else is a
	// registration bug.
	var ok bool
	rsaKey, ok = privKey.(*client.Decrypter)
	if !ok {
		log.Fatal("bad RSA key registration")
	}
	privKey, err = NewRemoteSignerByPubKeyFile(ecdsaPubKey)
	if err != nil {
		log.Fatal(err)
	}
	// The ECDSA key must come back as a *client.PrivateKey.
	ecdsaKey, ok = privKey.(*client.PrivateKey)
	if !ok {
		log.Fatal("bad ECDSA key registration")
	}
}