Exemplo n.º 1
// LoadX509KeyPair reads the PEM certificate chain in certFile and returns a
// tls.Certificate whose PrivateKey is whatever c.RegisterCert returns for the
// leaf certificate and serverAddr. No key material is read from disk here.
//
// Every PEM block of type "CERTIFICATE" is appended to the chain in file
// order; blocks of any other type are skipped without error. Only the first
// certificate is parsed (as the leaf). This function does not verify the
// chain, expiry dates or hostname; callers that need those guarantees must
// check them separately.
//
// On any failure the zero tls.Certificate is returned with the error.
func LoadX509KeyPair(c *client.Client, serverAddr, certFile string) (cert tls.Certificate, err error) {
	pemData, err := ioutil.ReadFile(certFile)
	if err != nil {
		return tls.Certificate{}, err
	}

	// Walk the file block by block until pem.Decode finds nothing more.
	for block, rest := pem.Decode(pemData); block != nil; block, rest = pem.Decode(rest) {
		if block.Type != "CERTIFICATE" {
			continue
		}
		cert.Certificate = append(cert.Certificate, block.Bytes)
	}
	if len(cert.Certificate) == 0 {
		return tls.Certificate{}, errors.New("crypto/tls: failed to parse certificate PEM data")
	}

	// The first certificate in the file is treated as the leaf.
	leaf, err := x509.ParseCertificate(cert.Certificate[0])
	if err != nil {
		return tls.Certificate{}, err
	}
	cert.Leaf = leaf

	// NOTE(review): presumably RegisterCert returns a handle that forwards
	// private-key operations to serverAddr; confirm against the client package.
	key, err := c.RegisterCert(serverAddr, leaf)
	if err != nil {
		return tls.Certificate{}, err
	}
	cert.PrivateKey = key

	return cert, nil
}
Exemplo n.º 2
// testConnect checks that server can be dialed through c and answers a ping.
//
// The connection is closed before returning; any error from Close is
// discarded. The ping is sent with a nil payload.
func testConnect(c *client.Client, server string) error {
	conn, dialErr := c.Dial(server)
	if dialErr != nil {
		return dialErr
	}
	defer conn.Close()

	pingErr := conn.Ping(nil)
	return pingErr
}
Exemplo n.º 3
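// NewPingTest generates a TestFunc that looks up server, dials it and pings
// it with a fresh 512-byte random payload.
//
// Each invocation of the returned function performs its own lookup, draws a
// new cookie and opens (then closes) its own connection. Any error from the
// lookup, the random source, the dial or the ping is returned unchanged; an
// error from Close is discarded.
func NewPingTest(c *client.Client, server string) testapi.TestFunc {
	return func() error {
		r, err := c.LookupServer(server)
		if err != nil {
			return err
		}

		// NOTE(review): the rand import is not visible here; it should be
		// crypto/rand if the cookie is meant to be unpredictable.
		cookie := make([]byte, 512)
		if _, err = rand.Read(cookie); err != nil {
			return err
		}

		conn, err := r.Dial(c)
		if err != nil {
			return err
		}
		defer conn.Close()

		// Send the cookie rather than nil: a nil payload left the random
		// bytes unused, so the ping could not show that the server echoes
		// what it was sent.
		// NOTE(review): assumes Ping takes the payload as []byte and compares
		// it with the reply; confirm against the client connection type.
		return conn.Ping(cookie)
	}
}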
Exemplo n.º 4
// NewActivateTest generates a TestFunc that makes one ActivateServer call on c
// for server with hashedToken and returns that call's error.
//
// hashedToken is captured by the closure, not copied, so changes the caller
// makes to the slice afterwards are seen by later invocations.
func NewActivateTest(c *client.Client, server string, hashedToken []byte) testapi.TestFunc {
	activate := func() error {
		return c.ActivateServer(server, hashedToken)
	}
	return activate
}
Exemplo n.º 5
// RunAPITests builds a test suite from the API input in, runs it against
// in.Keyserver and returns the collected results.
//
// Certificates come from in.CertsPEM (a parse failure aborts the run) and,
// when in.Domain is set, from getCertFromDomain (a failure is only logged).
// in.TestLen and in.Workers replace testLen and workers only when they parse
// and lie strictly between 0 and 30s / 0 and 1024; otherwise the values passed
// by the caller are kept.
//
// Registered tests: "activate" when in.HashedToken is non-empty, "ping"
// always, and for every certificate "<ski>.decrypt" (RSA keys only) plus one
// "<ski>.<name>" per entry returned by NewSignTests.
//
// Security notes for callers:
//   - in.InsecureSkipVerify is written to c.Config and never restored here.
//     If c is shared, later or concurrent users of the client inherit the
//     setting. NOTE(review): consider giving each run its own client.
//   - in.Keyserver and in.Domain decide which hosts this process contacts.
//     NOTE(review): if in arrives from an untrusted API caller, restrict who
//     may submit it or which destinations are reachable.
//   - An unparseable in.ServerIP yields a nil IP that is passed on without
//     any error or log entry.
//   - in.Keyserver and in.Domain are logged with %s, unquoted.
func RunAPITests(in *testapi.Input, c *client.Client, testLen time.Duration, workers int) (*testapi.Results, error) {
	log.Debugf("Testing %s", in.Keyserver)

	var (
		certs []*x509.Certificate
		err   error
	)
	if len(in.CertsPEM) > 0 {
		log.Debug("Parsing certificate PEM")
		if certs, err = helpers.ParseCertificatesPEM([]byte(in.CertsPEM)); err != nil {
			log.Warning("Couldn't parse certificate PEM")
			return nil, err
		}
	}

	var sni string
	if in.Domain != "" {
		log.Debugf("Getting certificate from %s", in.Domain)
		// Best effort: a fetch failure is logged and the run continues with
		// whatever certificates were already collected.
		domainCert, fetchErr := getCertFromDomain(in.Domain)
		if fetchErr != nil {
			log.Warningf("Couldn't get certificate from %s: %v", in.Domain, fetchErr)
		} else {
			certs = append(certs, domainCert)
		}

		// Use the host part as SNI; fall back to the whole value when it
		// does not split as host:port.
		host, _, splitErr := net.SplitHostPort(in.Domain)
		if splitErr != nil {
			host = in.Domain
		}
		sni = host
	}

	// Mutates the client passed in by the caller; see the security notes.
	c.Config.InsecureSkipVerify = in.InsecureSkipVerify
	serverIP := net.ParseIP(in.ServerIP)

	// Both overrides use exclusive bounds; anything else keeps the defaults.
	if d, parseErr := time.ParseDuration(in.TestLen); parseErr == nil && d > 0 && d < 30*time.Second {
		testLen = d
	}
	if n, convErr := strconv.Atoi(in.Workers); convErr == nil && n > 0 && n < 1024 {
		workers = n
	}

	results := testapi.NewResults()
	if len(in.HashedToken) > 0 {
		results.RegisterTest("activate", NewActivateTest(c, in.Keyserver, in.HashedToken))
	}
	results.RegisterTest("ping", NewPingTest(c, in.Keyserver))

	for _, cert := range certs {
		priv, err := c.RegisterPublicKeyTemplate(in.Keyserver, cert.PublicKey, sni, serverIP)
		if err != nil {
			return nil, err
		}

		ski, err := gokeyless.GetSKICert(cert)
		if err != nil {
			return nil, err
		}
		prefix := ski.String() + "."

		// A decrypt test is registered only for RSA public keys.
		if _, isRSA := priv.Public().(*rsa.PublicKey); isRSA {
			results.RegisterTest(prefix+"decrypt", NewDecryptTest(priv))
		}
		for name, test := range NewSignTests(priv) {
			results.RegisterTest(prefix+name, test)
		}
	}

	results.RunTests(testLen, workers)
	return results, nil
}