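/*
 *
 * Copyright 2020 gRPC authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 */

// Package testutils contains helper functions for advancedtls.
package testutils

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io/ioutil"

	"google.golang.org/grpc/security/advancedtls/testdata"
)

// CertStore contains all the certificates used in the integration tests.
//
// The leaf certificates (ClientCertN, ServerCertN, ServerPeer*) are
// presented as identities; the *x509.CertPool fields are the roots that
// the opposite side uses to validate them. The zero value is unusable
// until LoadCerts has populated every field.
type CertStore struct {
	// ClientCert1 is the certificate sent by client to prove its identity.
	// It is trusted by ServerTrust1.
	ClientCert1 tls.Certificate
	// ClientCert2 is the certificate sent by client to prove its identity.
	// It is trusted by ServerTrust2.
	ClientCert2 tls.Certificate
	// ServerCert1 is the certificate sent by server to prove its identity.
	// It is trusted by ClientTrust1.
	ServerCert1 tls.Certificate
	// ServerCert2 is the certificate sent by server to prove its identity.
	// It is trusted by ClientTrust2.
	ServerCert2 tls.Certificate
	// ServerPeer3 is the certificate sent by server to prove its identity.
	ServerPeer3 tls.Certificate
	// ServerPeerLocalhost1 is the certificate sent by server to prove its
	// identity. It has "localhost" as its common name, and is trusted by
	// ClientTrust1.
	ServerPeerLocalhost1 tls.Certificate
	// ClientTrust1 is the root certificate used on the client side.
	ClientTrust1 *x509.CertPool
	// ClientTrust2 is the root certificate used on the client side.
	ClientTrust2 *x509.CertPool
	// ServerTrust1 is the root certificate used on the server side.
	ServerTrust1 *x509.CertPool
	// ServerTrust2 is the root certificate used on the server side.
	ServerTrust2 *x509.CertPool
}

// readTrustCert reads the PEM bundle at fileName and returns a fresh
// *x509.CertPool holding every certificate that could be parsed from it.
//
// It returns an error when the file cannot be read, or when no certificate
// at all could be parsed from its contents; the returned error names the
// offending file so a failing test points at the fixture, not just at
// "trust certificates".
func readTrustCert(fileName string) (*x509.CertPool, error) {
	trustData, err := ioutil.ReadFile(fileName)
	if err != nil {
		// os errors already carry the path, so no extra wrapping here.
		return nil, err
	}
	trustPool := x509.NewCertPool()
	// AppendCertsFromPEM reports true if at least one certificate was
	// appended; malformed blocks inside an otherwise valid bundle are
	// skipped silently. This check therefore only rejects a file that is
	// entirely unusable as a trust store.
	if !trustPool.AppendCertsFromPEM(trustData) {
		return nil, fmt.Errorf("error loading trust certificates from %q", fileName)
	}
	return trustPool, nil
}

// LoadCerts function is used to load test certificates at the beginning of
// each integration test.
//
// Every field of cs is populated from the advancedtls testdata directory,
// key pairs first and then the trust pools, in the order the fields are
// declared. Loading stops at the first failure and that error is returned;
// fields after the failing one keep whatever value they had before the call.
func (cs *CertStore) LoadCerts() error {
	// Identity certificates: each entry pairs a destination field with the
	// certificate and private-key files that make up the tls.Certificate.
	keyPairs := []struct {
		dst      *tls.Certificate
		certFile string
		keyFile  string
	}{
		{&cs.ClientCert1, "client_cert_1.pem", "client_key_1.pem"},
		{&cs.ClientCert2, "client_cert_2.pem", "client_key_2.pem"},
		{&cs.ServerCert1, "server_cert_1.pem", "server_key_1.pem"},
		{&cs.ServerCert2, "server_cert_2.pem", "server_key_2.pem"},
		{&cs.ServerPeer3, "server_cert_3.pem", "server_key_3.pem"},
		{&cs.ServerPeerLocalhost1, "server_cert_localhost_1.pem", "server_key_localhost_1.pem"},
	}
	for _, kp := range keyPairs {
		cert, err := tls.LoadX509KeyPair(testdata.Path(kp.certFile), testdata.Path(kp.keyFile))
		if err != nil {
			return err
		}
		*kp.dst = cert
	}

	// Trust anchors: one PEM bundle per pool.
	trustPools := []struct {
		dst  **x509.CertPool
		file string
	}{
		{&cs.ClientTrust1, "client_trust_cert_1.pem"},
		{&cs.ClientTrust2, "client_trust_cert_2.pem"},
		{&cs.ServerTrust1, "server_trust_cert_1.pem"},
		{&cs.ServerTrust2, "server_trust_cert_2.pem"},
	}
	for _, tp := range trustPools {
		pool, err := readTrustCert(testdata.Path(tp.file))
		if err != nil {
			return err
		}
		*tp.dst = pool
	}
	return nil
}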