func processCert(cert *x509.Certificate, serverName string, host string) (err error) {
trustSrvCrt := ""
if cert != nil {
fmt.Printf(
"Certificate (with below fingerprint) presented by %s server (%s) isn't trusted.\nMD5 = %X\nSHA1 = %X\n",
serverName,
host,
md5.Sum(cert.Raw),
sha1.Sum(cert.Raw))
//Get the user input on whether to trust the certificate
trustSrvCrt, err = askForInput("Do you trust this certificate for future communication? (yes/no): ", trustSrvCrt)
}
if err == nil && cert != nil && trustSrvCrt == "yes" {
err = cf.AddCertToLocalStore(cert)
if err == nil {
fmt.Printf(
"Saved your preference for future communicaition with %s server %s\n", serverName, host)
}
}
return
}
func TestServerTrustUtils(t *testing.T) {
//Launch Test Server
cert_b, priv_b := genTestRootCert()
//Certificate for the TLS connectiona and private key are the args
cert, _ := x509.ParseCertificate(cert_b)
priv, _ := x509.ParsePKCS1PrivateKey(priv_b)
pool := x509.NewCertPool()
pool.AddCert(cert)
tls_cert := tls.Certificate{
Certificate: [][]byte{cert_b},
PrivateKey: priv,
}
config := tls.Config{
ClientAuth: tls.NoClientCert,
Certificates: []tls.Certificate{tls_cert},
}
//Launch a server with TLS end point
ts := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
fmt.Fprintln(w, "Hello, client")
}))
defer ts.Close()
ts.TLS = &config
ts.StartTLS()
//At this point the appropriate test root cert doesn't exist
//Test the case when we dont have root cert for the server
u, err := url.Parse(ts.URL)
if err != nil {
t.Error("Failed to parse URL")
return
}
bServerTrusted, err := isServerTrusted(u.Host)
if err != nil || bServerTrusted == true {
fmt.Println(err)
t.Error("Failed to check server trust")
return
}
//Get the remote server's root cert and add it to our trust list
cert, err = getServerCert(u.Host)
if err != nil {
t.Error("Failed to get server cert")
return
}
err = cf.AddCertToLocalStore(cert)
if err != nil {
t.Error("Failed to Add server cert to local store")
return
}
//At this point we should have added the root cert of the remote server
//trust should be established already
bServerTrusted, err = isServerTrusted(u.Host)
if err != nil || bServerTrusted == false {
t.Error("Failed to check server trust")
}
err = cf.RemoveCertFromLocalStore(cert)
if err != nil {
t.Error("Failed to Add server cert to local store")
}
}