// LoadX509KeyPair builds a tls.Certificate from the PEM file at certFile and a
// private key obtained from the keyserver client.
//
// Every PEM block of type "CERTIFICATE" in the file is appended to
// cert.Certificate in file order; blocks of any other type are skipped. The
// first certificate is parsed and stored as cert.Leaf. No private key is read
// from disk: cert.PrivateKey is whatever c.RegisterCert(serverAddr, leaf)
// returns (presumably a handle to a key held by the remote server; confirm
// against client.Client).
//
// On any failure the zero tls.Certificate is returned together with the error.
func LoadX509KeyPair(c *client.Client, serverAddr, certFile string) (cert tls.Certificate, err error) {
	data, err := ioutil.ReadFile(certFile)
	if err != nil {
		return tls.Certificate{}, err
	}

	// Walk the PEM blocks until the decoder finds no further block.
	for block, remaining := pem.Decode(data); block != nil; block, remaining = pem.Decode(remaining) {
		if block.Type != "CERTIFICATE" {
			continue
		}
		cert.Certificate = append(cert.Certificate, block.Bytes)
	}

	if len(cert.Certificate) == 0 {
		return tls.Certificate{}, errors.New("crypto/tls: failed to parse certificate PEM data")
	}

	// Only the first certificate is parsed; it is the one registered below.
	leaf, err := x509.ParseCertificate(cert.Certificate[0])
	if err != nil {
		return tls.Certificate{}, err
	}
	cert.Leaf = leaf

	cert.PrivateKey, err = c.RegisterCert(serverAddr, leaf)
	if err != nil {
		return tls.Certificate{}, err
	}
	return cert, nil
}
// testConnect tests the ability to Dial and Ping a given server func testConnect(c *client.Client, server string) error { conn, err := c.Dial(server) if err != nil { return err } defer conn.Close() return conn.Ping(nil) }
// NewPingTest returns a TestFunc that looks up server through c, dials the
// result and performs a single Ping. Each invocation opens and closes its own
// connection.
func NewPingTest(c *client.Client, server string) testapi.TestFunc {
	pingOnce := func() error {
		remote, err := c.LookupServer(server)
		if err != nil {
			return err
		}

		// NOTE(review): the 512-byte buffer is filled by rand.Read but is not
		// passed on; Ping below receives nil. Confirm whether the ping was
		// meant to carry this payload.
		cookie := make([]byte, 512)
		if _, err := rand.Read(cookie); err != nil {
			return err
		}

		conn, err := remote.Dial(c)
		if err != nil {
			return err
		}
		defer conn.Close()

		return conn.Ping(nil)
	}
	return pingOnce
}
// NewActivateTest generates a TestFunc to perform a single activation call. func NewActivateTest(c *client.Client, server string, hashedToken []byte) testapi.TestFunc { return func() error { return c.ActivateServer(server, hashedToken) } }
// RunAPITests runs a test suite based on API input and returns the API
// results.
//
// Certificates come from two places: in.CertsPEM (a parse failure aborts the
// run) and the certificate fetched from in.Domain (a fetch failure is only
// logged). The SNI passed to the keyserver is the host part of in.Domain, or
// the whole value when it carries no port.
//
// in.TestLen and in.Workers override the testLen and workers arguments only
// when they parse and fall strictly inside (0, 30s) and (0, 1024)
// respectively; anything else is ignored without an error, so a request
// cannot ask for a longer run or more workers than those bounds.
//
// Registered tests: "activate" when in.HashedToken is non-empty, "ping"
// always, and per certificate "<ski>.decrypt" (RSA public keys only) plus
// "<ski>.<name>" for every entry of NewSignTests.
func RunAPITests(in *testapi.Input, c *client.Client, testLen time.Duration, workers int) (*testapi.Results, error) {
	log.Debugf("Testing %s", in.Keyserver)

	var certs []*x509.Certificate
	if len(in.CertsPEM) > 0 {
		log.Debug("Parsing certificate PEM")
		parsed, err := helpers.ParseCertificatesPEM([]byte(in.CertsPEM))
		if err != nil {
			log.Warning("Couldn't parse certificate PEM")
			return nil, err
		}
		certs = parsed
	}

	var sni string
	if in.Domain != "" {
		log.Debugf("Getting certificate from %s", in.Domain)
		// Best effort: a domain that cannot be reached does not abort the run.
		fetched, err := getCertFromDomain(in.Domain)
		if err != nil {
			log.Warningf("Couldn't get certificate from %s: %v", in.Domain, err)
		} else {
			certs = append(certs, fetched)
		}

		host, _, splitErr := net.SplitHostPort(in.Domain)
		if splitErr != nil {
			// No port present (or not host:port form): use the value as given.
			host = in.Domain
		}
		sni = host
	}

	// NOTE(review): the request-supplied flag is written onto the client's
	// own config (presumably a TLS config), so one request can switch off
	// certificate verification for c. Confirm that in.InsecureSkipVerify is
	// only honoured for trusted callers and that c is not shared between
	// concurrent runs; the value is never restored here.
	c.Config.InsecureSkipVerify = in.InsecureSkipVerify

	// net.ParseIP yields nil for a value that is not a valid IP; the result is
	// passed on without a check.
	serverIP := net.ParseIP(in.ServerIP)

	if d, err := time.ParseDuration(in.TestLen); err == nil && d > 0 && d < 30*time.Second {
		testLen = d
	}
	if n, err := strconv.Atoi(in.Workers); err == nil && n > 0 && n < 1024 {
		workers = n
	}

	results := testapi.NewResults()
	if len(in.HashedToken) > 0 {
		results.RegisterTest("activate", NewActivateTest(c, in.Keyserver, in.HashedToken))
	}
	results.RegisterTest("ping", NewPingTest(c, in.Keyserver))

	for _, cert := range certs {
		priv, err := c.RegisterPublicKeyTemplate(in.Keyserver, cert.PublicKey, sni, serverIP)
		if err != nil {
			return nil, err
		}
		ski, err := gokeyless.GetSKICert(cert)
		if err != nil {
			return nil, err
		}

		// Test names are namespaced by the certificate's SKI.
		prefix := ski.String() + "."
		if _, isRSA := priv.Public().(*rsa.PublicKey); isRSA {
			results.RegisterTest(prefix+"decrypt", NewDecryptTest(priv))
		}
		for name, test := range NewSignTests(priv) {
			results.RegisterTest(prefix+name, test)
		}
	}

	results.RunTests(testLen, workers)
	return results, nil
}