func (certSuite) TestParseCertificate(c *gc.C) { xcert, err := cert.ParseCert(caCertPEM) c.Assert(err, gc.IsNil) c.Assert(xcert.Subject.CommonName, gc.Equals, "juju testing") xcert, err = cert.ParseCert(caKeyPEM) c.Check(xcert, gc.IsNil) c.Assert(err, gc.ErrorMatches, "no certificates found") xcert, err = cert.ParseCert("hello") c.Check(xcert, gc.IsNil) c.Assert(err, gc.ErrorMatches, "no certificates found") }
func (certSuite) TestWithNonUTCExpiry(c *gc.C) { expiry, err := time.Parse("2006-01-02 15:04:05.999999999 -0700 MST", "2012-11-28 15:53:57 +0100 CET") c.Assert(err, gc.IsNil) certPEM, keyPEM, err := cert.NewCA("foo", expiry) xcert, err := cert.ParseCert(certPEM) c.Assert(err, gc.IsNil) c.Assert(xcert.NotAfter.Equal(expiry), gc.Equals, true) var noHostnames []string certPEM, _, err = cert.NewServer(certPEM, keyPEM, expiry, noHostnames) xcert, err = cert.ParseCert(certPEM) c.Assert(err, gc.IsNil) c.Assert(xcert.NotAfter.Equal(expiry), gc.Equals, true) }
// MgoDialInfoTls returns a DialInfo suitable // for dialling an MgoInstance at any of the // given addresses, optionally using TLS. func MgoDialInfoTls(useTls bool, addrs ...string) *mgo.DialInfo { var dial func(addr net.Addr) (net.Conn, error) if useTls { pool := x509.NewCertPool() xcert, err := cert.ParseCert(CACert) if err != nil { panic(err) } pool.AddCert(xcert) tlsConfig := &tls.Config{ RootCAs: pool, ServerName: "anything", } dial = func(addr net.Addr) (net.Conn, error) { conn, err := tls.Dial("tcp", addr.String(), tlsConfig) if err != nil { logger.Debugf("tls.Dial(%s) failed with %v", addr, err) return nil, err } return conn, nil } } else { dial = func(addr net.Addr) (net.Conn, error) { conn, err := net.Dial("tcp", addr.String()) if err != nil { logger.Debugf("net.Dial(%s) failed with %v", addr, err) return nil, err } return conn, nil } } return &mgo.DialInfo{Addrs: addrs, Dial: dial, Timeout: mgoDialTimeout} }
func mustParseCert(pemData string) *x509.Certificate { cert, err := cert.ParseCert(pemData) if err != nil { panic(err) } return cert }
// verifyKeyPair verifies that the certificate and key parse correctly. // The key is optional - if it is provided, we also check that the key // matches the certificate. func verifyKeyPair(certb, key string) error { if key != "" { _, err := tls.X509KeyPair([]byte(certb), []byte(key)) return err } _, err := cert.ParseCert(certb) return err }
func Open(info *Info, opts DialOpts) (*State, error) { if len(info.Addrs) == 0 { return nil, fmt.Errorf("no API addresses to connect to") } pool := x509.NewCertPool() xcert, err := cert.ParseCert(info.CACert) if err != nil { return nil, err } pool.AddCert(xcert) // Dial all addresses at reasonable intervals. try := parallel.NewTry(0, nil) defer try.Kill() for _, addr := range info.Addrs { err := dialWebsocket(addr, opts, pool, try) if err == parallel.ErrStopped { break } if err != nil { return nil, err } select { case <-time.After(opts.DialAddressInterval): case <-try.Dead(): } } try.Close() result, err := try.Result() if err != nil { return nil, err } conn := result.(*websocket.Conn) logger.Infof("connection established to %q", conn.RemoteAddr()) client := rpc.NewConn(jsoncodec.NewWebsocket(conn), nil) client.Start() st := &State{ client: client, conn: conn, addr: conn.Config().Location.Host, serverRoot: "https://" + conn.Config().Location.Host, tag: info.Tag, password: info.Password, certPool: pool, } if info.Tag != "" || info.Password != "" { if err := st.Login(info.Tag, info.Password, info.Nonce); err != nil { conn.Close() return nil, err } } st.broken = make(chan struct{}) go st.heartbeatMonitor() return st, nil }
func (api *RsyslogAPI) SetRsyslogCert(args params.SetRsyslogCertParams) (params.ErrorResult, error) { var result params.ErrorResult if !api.canModify { result.Error = common.ServerError(common.ErrBadCreds) return result, nil } if _, err := cert.ParseCert(string(args.CACert)); err != nil { result.Error = common.ServerError(err) return result, nil } attrs := map[string]interface{}{"rsyslog-ca-cert": string(args.CACert)} if err := api.st.UpdateEnvironConfig(attrs, nil, nil); err != nil { result.Error = common.ServerError(err) } return result, nil }
// DialInfo returns information on how to dial // the state's mongo server with the given info // and dial options. func DialInfo(info *Info, opts DialOpts) (*mgo.DialInfo, error) { if len(info.Addrs) == 0 { return nil, stderrors.New("no mongo addresses") } if len(info.CACert) == 0 { return nil, stderrors.New("missing CA certificate") } xcert, err := cert.ParseCert(info.CACert) if err != nil { return nil, fmt.Errorf("cannot parse CA certificate: %v", err) } pool := x509.NewCertPool() pool.AddCert(xcert) tlsConfig := &tls.Config{ RootCAs: pool, ServerName: "anything", } dial := func(addr net.Addr) (net.Conn, error) { c, err := net.Dial("tcp", addr.String()) if err != nil { logger.Debugf("connection failed, will retry: %v", err) return nil, err } cc := tls.Client(c, tlsConfig) if err := cc.Handshake(); err != nil { logger.Errorf("TLS handshake failed: %v", err) return nil, err } logger.Infof("dialled mongo successfully") return cc, nil } return &mgo.DialInfo{ Addrs: info.Addrs, Timeout: opts.Timeout, Dial: dial, }, nil }