Example #1
0
func TestCa(t *testing.T) {
	logger.InitLogs(os.Stdout, os.Stdout, os.Stderr)
	keylength := 4098
	organization := "org"
	country := "PT-PT"
	expiresDays := 10
	expires := time.Now().AddDate(0, 0, expiresDays).UTC()

	// generate certificate
	_, rootCert, _, err := NewRootCertificate(keylength, expires, organization, country)
	if err != nil {
		t.Error(err)
	}

	// verify fingerprint
	fingerprint, err := GetCertificateFingerprint()
	if err != nil {
		t.Error(err)
	}

	if err := rootCert.VerifyFingerprint(&fingerprint); err != nil {
		t.Fatalf("Fingerprint! %s", err)
	}

	// CSR signature is tested in container_test.go

}
Example #2
0
func main() {
	logger.InitLogs(os.Stdout, os.Stdout, os.Stderr)

	if len(os.Args) == 1 {
		argError("")
		return
	}

	switch os.Args[1] {
	case "ca":
		caCmd()
	case "container":
		containerCmd()
	default:
		clientCmd()
	}
}
Example #3
0
func TestClient(t *testing.T) {
	logger.InitLogs(os.Stdout, os.Stdout, os.Stderr)

	keyLength := 2048
	hostname := "symbios"
	privateKeyPath := "id_test"
	expires := time.Now().AddDate(1, 0, 0).UTC()

	// generate private key
	userKeyBase64, _, _, err := NewUserKey(&hostname, keyLength, &expires, &privateKeyPath)
	if err != nil {
		t.Error(err)
	}
	pubKeyPath := privateKeyPath + ".crt"

	defer os.Remove(privateKeyPath)
	defer os.Remove(pubKeyPath)

	// compare generated public key and base64encoded key
	userKey, err := b64.StdEncoding.DecodeString(*userKeyBase64)
	if err != nil {
		t.Error(err)
	}

	rawCsr, err := ioutil.ReadFile(pubKeyPath)

	if !bytes.Equal(userKey, rawCsr) {
		t.Fail()
	}

	userCert, err := pkix.NewCertificateFromPEM(rawCsr)
	if err != nil {
		t.Error(err)
	}

	tokenExpires := time.Duration(time.Second * 10)

	// generate token using private key
	userToken, err := NewTokenUsingPrivateKeyFile(privateKeyPath, hostname, tokenExpires)
	if err != nil {
		t.Error(err)
	}

	if err := ca.ValidateToken(*userToken, userCert, &hostname); err != nil {
		t.Fatalf("Token validation failed: %s", err)
	}

	// replay attack
	if err := ca.ValidateToken(*userToken, userCert, &hostname); err == nil {
		t.Fatalf("Replay attack detection fail: %s", err)
	}

	// expired token
	tokenExpires = time.Duration(time.Second * 1)
	userToken, err = NewTokenUsingPrivateKeyFile(privateKeyPath, hostname, tokenExpires)
	if err != nil {
		t.Error(err)
	}
	time.Sleep(time.Duration(time.Second * 5))

	if err := ca.ValidateToken(*userToken, userCert, &hostname); err == nil {
		t.Fatalf("Expired token detection fail: %s", err)
	}

}
Example #4
0
func TestContainer(t *testing.T) {
	logger.InitLogs(os.Stdout, os.Stdout, os.Stderr)
	// create root keys
	keysize := 2048
	key, err := pkix.CreateRSAKey(keysize)
	if err != nil {
		t.Fatal("Unable to generate keys.", err)
	}

	// start CA
	keylength := 4098
	organization := "org"
	country := "PT-PT"
	expiresDays := 10
	expires := time.Now().AddDate(0, 0, expiresDays).UTC()
	_, caCert, _, err := ca.NewRootCertificate(keylength, expires, organization, country)

	caFingerprint, err := caCert.Fingerprint()
	if err != nil {
		t.Fatal("Unable to generate keys.", err)
	}

	// add user to CA
	keyLength := 2048
	username := "******"
	userExpires := time.Now().AddDate(1, 0, 0).UTC()

	// generate private key
	_, userCert, userPrivateKey, err := client.NewUserKey(&username, keyLength, &userExpires, nil)
	if err != nil {
		t.Error(err)
	}
	ca.SetUserCertificate(userCert)
	userPrivateKeyBytes, err := userPrivateKey.ExportPrivate()
	if err != nil {
		t.Error(err)
	}

	tokenExpires := time.Duration(time.Second * 20)
	token, err := client.NewToken(userPrivateKeyBytes, username, tokenExpires)
	if err != nil {
		t.Error(err)
	}

	//setup mockHTTPServer
	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// /cert
		if r.URL.String() == "/v1/cert" {
			ca.HandleCertRequest(w, r)
		}
		if r.URL.String() == "/v1/csr" {
			ca.HandleCSR(w, r)
		}
	}))

	defer ts.Close()
	fmt.Println(ts.URL)

	certProp := CertificateProperties{
		name:         "Tommy",
		ip_list:      "192.168.1.1",
		domain_list:  "symbios",
		organization: "symbios",
		country:      "US",
	}

	_, err = Authenticate(&ts.URL, token, key, &certProp, &caFingerprint)
	if err != nil {
		t.Fatalf("Unable to authenticate.", err)
	}
}