예제 #1
// processCert shows the fingerprints of an untrusted server certificate and
// asks the user whether it should be trusted from now on. Only the exact
// answer "yes" causes the certificate to be written to the local store via
// cf.AddCertToLocalStore.
//
// A nil cert is a no-op: nothing is printed, nothing is asked, and nil is
// returned. A nil result therefore means "no error occurred", not "the
// certificate is trusted"; callers must not read it as a trust decision.
//
// NOTE(review): the fingerprints offered for the manual comparison are MD5 and
// SHA-1, both of which are collision-weak. A SHA-256 fingerprint is the better
// basis for an out-of-band check before a certificate is pinned permanently.
func processCert(cert *x509.Certificate, serverName string, host string) (err error) {
	if cert == nil {
		return nil
	}

	// Both digests are taken over the raw DER encoding of the certificate.
	fmt.Printf(
		"Certificate (with below fingerprint) presented by %s server (%s) isn't trusted.\nMD5 = %X\nSHA1  = %X\n",
		serverName,
		host,
		md5.Sum(cert.Raw),
		sha1.Sum(cert.Raw))

	// Ask the user for the trust decision; the empty string is passed as the
	// second argument, exactly as the initial answer value was before.
	var answer string
	answer, err = askForInput("Do you trust this certificate for future communication? (yes/no): ", "")
	if err != nil || answer != "yes" {
		// Either the prompt failed (err is returned) or the user declined
		// (err is nil); in both cases the store is left untouched.
		return err
	}

	// Persisting the certificate makes the decision permanent for later
	// connections, so it only happens after an explicit "yes".
	if err = cf.AddCertToLocalStore(cert); err != nil {
		return err
	}
	fmt.Printf(
		"Saved your preference for future communicaition with %s server %s\n", serverName, host)
	return nil
}
예제 #2
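// TestServerTrustUtils checks the trust helpers against a local TLS server:
// the server must be reported as untrusted while its certificate is absent
// from the local store, and as trusted once the certificate fetched from the
// server has been added. The certificate is removed again before the test
// returns so that the test certificate does not stay in the local trust store.
func TestServerTrustUtils(t *testing.T) {
	// genTestRootCert's two results are fed to ParseCertificate and
	// ParsePKCS1PrivateKey below, so they are treated as DER bytes here.
	certDER, keyDER := genTestRootCert()

	// Parse errors were previously discarded; a broken fixture would then
	// surface much later as a nil key or a confusing handshake failure.
	if _, err := x509.ParseCertificate(certDER); err != nil {
		t.Fatalf("Failed to parse test certificate: %v", err)
	}
	priv, err := x509.ParsePKCS1PrivateKey(keyDER)
	if err != nil {
		t.Fatalf("Failed to parse test private key: %v", err)
	}

	// Launch a server with a TLS endpoint that presents the test certificate.
	ts := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintln(w, "Hello, client")
	}))
	defer ts.Close()
	ts.TLS = &tls.Config{
		ClientAuth: tls.NoClientCert,
		Certificates: []tls.Certificate{{
			Certificate: [][]byte{certDER},
			PrivateKey:  priv,
		}},
	}
	ts.StartTLS()

	u, err := url.Parse(ts.URL)
	if err != nil {
		t.Fatalf("Failed to parse URL: %v", err)
	}

	// The test certificate has not been added to the local store yet, so the
	// server must not be trusted at this point.
	trusted, err := isServerTrusted(u.Host)
	if err != nil {
		t.Fatalf("Failed to check server trust: %v", err)
	}
	if trusted {
		t.Fatal("Failed to check server trust: server is trusted before its certificate was added")
	}

	// Fetch the certificate the server presents and add it to the local store.
	cert, err := getServerCert(u.Host)
	if err != nil {
		t.Fatalf("Failed to get server cert: %v", err)
	}
	if err = cf.AddCertToLocalStore(cert); err != nil {
		t.Fatalf("Failed to Add server cert to local store: %v", err)
	}
	// Registered right after the add succeeds so the certificate is removed on
	// every exit path; the message now names the operation that failed.
	defer func() {
		if err := cf.RemoveCertFromLocalStore(cert); err != nil {
			t.Errorf("Failed to remove server cert from local store: %v", err)
		}
	}()

	// With the certificate in the local store, trust should be established.
	trusted, err = isServerTrusted(u.Host)
	if err != nil {
		t.Errorf("Failed to check server trust: %v", err)
	} else if !trusted {
		t.Error("Failed to check server trust: server is not trusted after its certificate was added")
	}
}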