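// TestWithNonUTCExpiry checks that an expiry given in a non-UTC zone
// survives NewCA and NewServer unchanged: the NotAfter of both the CA
// and the server certificate must equal the requested instant
// (compared with Equal, so the zone representation does not matter).
func (certSuite) TestWithNonUTCExpiry(c *C) {
	expiry, err := time.Parse("2006-01-02 15:04:05.999999999 -0700 MST", "2012-11-28 15:53:57 +0100 CET")
	c.Assert(err, IsNil)

	certPEM, keyPEM, err := cert.NewCA("foo", expiry)
	// Check NewCA itself so a failure there is reported as such rather
	// than surfacing as an unrelated parse error below.
	c.Assert(err, IsNil)
	xcert, err := cert.ParseCert(certPEM)
	c.Assert(err, IsNil)
	c.Assert(xcert.NotAfter.Equal(expiry), Equals, true)

	certPEM, _, err = cert.NewServer("foo", certPEM, keyPEM, expiry)
	// Likewise for NewServer: its error was previously overwritten by
	// the ParseCert result before anyone looked at it.
	c.Assert(err, IsNil)
	xcert, err = cert.ParseCert(certPEM)
	c.Assert(err, IsNil)
	c.Assert(xcert.NotAfter.Equal(expiry), Equals, true)
}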
// TestParseCertificate exercises ParseCert with a valid CA certificate,
// with PEM that holds only a key, and with bytes that are not PEM at all.
func (certSuite) TestParseCertificate(c *C) {
	parsed, err := cert.ParseCert(caCertPEM)
	c.Assert(err, IsNil)
	c.Assert(parsed.Subject.CommonName, Equals, "juju testing")

	// Neither a bare key nor arbitrary bytes contains a certificate block,
	// so both must yield a nil certificate and the same error.
	for _, input := range [][]byte{caKeyPEM, []byte("hello")} {
		parsed, err = cert.ParseCert(input)
		c.Check(parsed, IsNil)
		c.Assert(err, ErrorMatches, "no certificates found")
	}
}
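// mustParseCert parses a PEM-encoded certificate and panics if the
// data cannot be parsed.
func mustParseCert(pemData string) *x509.Certificate {
	// The local is named parsed rather than cert so that it does not
	// shadow the cert package on the same line.
	parsed, err := cert.ParseCert([]byte(pemData))
	if err != nil {
		panic(err)
	}
	return parsed
}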
// verifyKeyPair checks that certb parses as a certificate. When key is
// non-nil it additionally checks that key and certb form a matching
// TLS key pair; a nil key only validates the certificate.
func verifyKeyPair(certb, key []byte) error {
	if key == nil {
		_, err := cert.ParseCert(certb)
		return err
	}
	// X509KeyPair parses both halves and rejects a key that does not
	// correspond to the certificate's public key.
	_, err := tls.X509KeyPair(certb, key)
	return err
}
// Open dials the API server at the first address in info.Addrs over a
// TLS-secured websocket, logs in when info carries a tag or password,
// starts the heartbeat monitor and returns the connected State.
//
// The server certificate is verified only against the CA in
// info.CACert; ServerName is a fixed placeholder rather than the dialed
// address, so the dialed host name is not checked and trust rests on
// that CA. Dialing is retried per opts.Timeout/opts.RetryDelay and the
// last dial error is returned once the attempts are exhausted.
//
// NOTE(review): info.Addrs[0] is read without a length check, so an
// empty address list panics instead of returning an error; confirm
// callers never pass one.
func Open(info *Info, opts DialOpts) (*State, error) {
	// TODO Select a random address from info.Addrs
	// and only fail when we've tried all the addresses.
	// TODO what does "origin" really mean, and is localhost always ok?
	wsCfg, err := websocket.NewConfig("wss://"+info.Addrs[0]+"/", "http://localhost/")
	if err != nil {
		return nil, err
	}
	caCert, err := cert.ParseCert(info.CACert)
	if err != nil {
		return nil, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	wsCfg.TlsConfig = &tls.Config{
		RootCAs:    roots,
		ServerName: "anything",
	}

	strategy := utils.AttemptStrategy{
		Total: opts.Timeout,
		Delay: opts.RetryDelay,
	}
	var ws *websocket.Conn
	for attempt := strategy.Start(); attempt.Next(); {
		log.Infof("state/api: dialing %q", wsCfg.Location)
		if ws, err = websocket.DialConfig(wsCfg); err == nil {
			break
		}
		log.Errorf("state/api: %v", err)
	}
	if err != nil {
		return nil, err
	}
	log.Infof("state/api: connection established")

	rpcConn := rpc.NewConn(jsoncodec.NewWebsocket(ws))
	rpcConn.Start()
	st := &State{
		client: rpcConn,
		conn:   ws,
	}
	needLogin := info.Tag != "" || info.Password != ""
	if needLogin {
		if err := st.Login(info.Tag, info.Password, info.Nonce); err != nil {
			ws.Close()
			return nil, err
		}
	}
	// broken is created before the monitor goroutine starts so the
	// goroutine never observes a nil channel.
	st.broken = make(chan struct{})
	go st.heartbeatMonitor()
	return st, nil
}
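// Open connects to the server described by the given
// info, waits for it to be initialized, and returns a new State
// representing the environment connected to.
// It returns unauthorizedError if access is unauthorized.
//
// Every mongo connection is wrapped in TLS and verified against the CA
// in info.CACert; ServerName is a fixed placeholder rather than the
// dialed address, so the dialed host name is not checked and trust
// rests on that CA alone. A failed TLS handshake closes the underlying
// TCP connection instead of leaking it.
func Open(info *Info, opts DialOpts) (*State, error) {
	log.Infof("state: opening state; mongo addresses: %q; entity %q", info.Addrs, info.Tag)
	if len(info.Addrs) == 0 {
		return nil, stderrors.New("no mongo addresses")
	}
	if len(info.CACert) == 0 {
		return nil, stderrors.New("missing CA certificate")
	}
	xcert, err := cert.ParseCert(info.CACert)
	if err != nil {
		return nil, fmt.Errorf("cannot parse CA certificate: %v", err)
	}
	pool := x509.NewCertPool()
	pool.AddCert(xcert)
	tlsConfig := &tls.Config{
		RootCAs:    pool,
		ServerName: "anything",
	}
	// dial is mgo's connection factory; a failed handshake must not
	// leave the TCP socket open, or each retry would leak one.
	dial := func(addr net.Addr) (net.Conn, error) {
		c, err := net.Dial("tcp", addr.String())
		if err != nil {
			log.Errorf("state: connection failed, will retry: %v", err)
			return nil, err
		}
		cc := tls.Client(c, tlsConfig)
		if err := cc.Handshake(); err != nil {
			log.Errorf("state: TLS handshake failed: %v", err)
			// The handshake error is the one worth reporting; the Close
			// error is deliberately ignored.
			cc.Close()
			return nil, err
		}
		return cc, nil
	}
	session, err := mgo.DialWithInfo(&mgo.DialInfo{
		Addrs:   info.Addrs,
		Timeout: opts.Timeout,
		Dial:    dial,
	})
	if err != nil {
		return nil, err
	}
	log.Infof("state: connection established")
	st, err := newState(session, info)
	if err != nil {
		session.Close()
		return nil, err
	}
	return st, nil
}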
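// Open connects to the server described by the given
// info, waits for it to be initialized, and returns a new State
// representing the environment connected to.
// It returns ErrUnauthorized if access is unauthorized.
//
// Every mongo connection is TLS-wrapped and verified against the CA in
// info.CACert; ServerName is a fixed placeholder rather than the dialed
// address, so trust rests on that CA alone. The dial timeout is fixed
// at ten minutes.
func Open(info *Info) (*State, error) {
	log.Printf("state: opening state; mongo addresses: %q; entity %q", info.Addrs, info.EntityName)
	if len(info.Addrs) == 0 {
		return nil, errors.New("no mongo addresses")
	}
	if len(info.CACert) == 0 {
		return nil, errors.New("missing CA certificate")
	}
	xcert, err := cert.ParseCert(info.CACert)
	if err != nil {
		return nil, fmt.Errorf("cannot parse CA certificate: %v", err)
	}
	pool := x509.NewCertPool()
	pool.AddCert(xcert)
	tlsConfig := &tls.Config{
		RootCAs:    pool,
		ServerName: "anything",
	}
	dial := func(addr net.Addr) (net.Conn, error) {
		log.Printf("state: connecting to %v", addr)
		c, err := tls.Dial("tcp", addr.String(), tlsConfig)
		if err != nil {
			log.Printf("state: connection failed: %v", err)
			return nil, err
		}
		log.Printf("state: connection established")
		return c, nil
	}
	session, err := mgo.DialWithInfo(&mgo.DialInfo{
		Addrs:   info.Addrs,
		Timeout: 10 * time.Minute,
		Dial:    dial,
	})
	// A dial failure leaves session nil; returning here keeps newState
	// and session.Close from dereferencing it.
	if err != nil {
		return nil, err
	}
	st, err := newState(session, info)
	if err != nil {
		session.Close()
		return nil, err
	}
	return st, nil
}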
// MgoDial returns a new connection to the shared MongoDB server.
// The connection is TLS-wrapped and verified against CACert; a CA that
// fails to parse or a failed dial panics rather than being returned.
func MgoDial() *mgo.Session {
	caCert, err := cert.ParseCert([]byte(CACert))
	if err != nil {
		panic(err)
	}
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	// ServerName is a fixed placeholder, not the dialed address: the
	// server certificate must chain to CACert and be valid for that name.
	tlsCfg := &tls.Config{
		RootCAs:    roots,
		ServerName: "anything",
	}
	dialTLS := func(addr net.Addr) (net.Conn, error) {
		return tls.Dial("tcp", addr.String(), tlsCfg)
	}
	session, err := mgo.DialWithInfo(&mgo.DialInfo{
		Addrs: []string{MgoAddr},
		Dial:  dialTLS,
	})
	if err != nil {
		panic(err)
	}
	return session
}
// Open dials the API server at info.Addr over a TLS websocket and
// returns a State wrapping the connection. The server certificate is
// verified against the CA in info.CACert; ServerName is a fixed
// placeholder rather than the dialed address, so the dialed host name
// itself is not checked and trust rests on that CA.
func Open(info *Info) (*State, error) {
	// TODO what does "origin" really mean, and is localhost always ok?
	wsCfg, err := websocket.NewConfig("wss://"+info.Addr+"/", "http://localhost/")
	if err != nil {
		return nil, err
	}
	caCert, err := cert.ParseCert(info.CACert)
	if err != nil {
		return nil, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	wsCfg.TlsConfig = &tls.Config{
		RootCAs:    roots,
		ServerName: "anything",
	}
	ws, err := websocket.DialConfig(wsCfg)
	if err != nil {
		return nil, err
	}
	st := &State{conn: ws}
	return st, nil
}