/*
* Copyright 2020 gRPC authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
// Package testutils contains helper functions for advancedtls.
package testutils
import (
"crypto/tls"
"crypto/x509"
"fmt"
"io/ioutil"
"google.golang.org/grpc/security/advancedtls/testdata"
)
// CertStore contains all the certificates used in the integration tests.
type CertStore struct {
	// ClientCert1 is the certificate (with private key) the client presents to
	// prove its identity; it is trusted by ServerTrust1. LoadCerts reads it
	// from client_cert_1.pem / client_key_1.pem.
	ClientCert1 tls.Certificate
	// ClientCert2 is the certificate (with private key) the client presents to
	// prove its identity; it is trusted by ServerTrust2. LoadCerts reads it
	// from client_cert_2.pem / client_key_2.pem.
	ClientCert2 tls.Certificate
	// ServerCert1 is the certificate (with private key) the server presents to
	// prove its identity; it is trusted by ClientTrust1. LoadCerts reads it
	// from server_cert_1.pem / server_key_1.pem.
	ServerCert1 tls.Certificate
	// ServerCert2 is the certificate (with private key) the server presents to
	// prove its identity; it is trusted by ClientTrust2. LoadCerts reads it
	// from server_cert_2.pem / server_key_2.pem.
	ServerCert2 tls.Certificate
	// ServerPeer3 is a further certificate (with private key) the server can
	// present to prove its identity. LoadCerts reads it from
	// server_cert_3.pem / server_key_3.pem. Unlike the other identity
	// certificates, none of the pools in this store is documented as trusting
	// it, so it is presumably used for negative (untrusted-peer) cases.
	ServerPeer3 tls.Certificate
	// ClientTrust1 is the pool of root certificates the client uses to verify
	// the server; it trusts ServerCert1. Loaded from client_trust_cert_1.pem.
	ClientTrust1 *x509.CertPool
	// ClientTrust2 is the pool of root certificates the client uses to verify
	// the server; it trusts ServerCert2. Loaded from client_trust_cert_2.pem.
	ClientTrust2 *x509.CertPool
	// ServerTrust1 is the pool of root certificates the server uses to verify
	// the client; it trusts ClientCert1. Loaded from server_trust_cert_1.pem.
	ServerTrust1 *x509.CertPool
	// ServerTrust2 is the pool of root certificates the server uses to verify
	// the client; it trusts ClientCert2. Loaded from server_trust_cert_2.pem.
	ServerTrust2 *x509.CertPool
}
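// readTrustCert reads the PEM file at fileName and returns a CertPool holding
// every CERTIFICATE block that could be parsed from it.
//
// It returns an error naming the file when the file cannot be read or when not
// a single certificate could be parsed from its contents. Note that
// AppendCertsFromPEM only reports whether at least one certificate was added:
// malformed or non-CERTIFICATE blocks elsewhere in the file are skipped
// silently, so a partially corrupt trust bundle still yields a (smaller) pool
// rather than an error.
func readTrustCert(fileName string) (*x509.CertPool, error) {
	trustData, err := ioutil.ReadFile(fileName)
	if err != nil {
		// Wrap rather than return bare so the caller can tell which of the
		// several trust files in a test setup was unreadable.
		return nil, fmt.Errorf("reading trust certificates from %q: %w", fileName, err)
	}
	trustPool := x509.NewCertPool()
	if !trustPool.AppendCertsFromPEM(trustData) {
		return nil, fmt.Errorf("no trust certificates could be parsed from %q", fileName)
	}
	return trustPool, nil
}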
// LoadCerts function is used to load test certificates at the beginning of
// each integration test.
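// LoadCerts populates every field of cs from the PEM files under the testdata
// directory. It is meant to run at the beginning of each integration test.
//
// Files are loaded in the order the fields are declared. On the first failure
// the error is returned wrapped with the name of the offending file; fields
// after it keep whatever value they had, so a non-nil error means cs must not
// be used.
func (cs *CertStore) LoadCerts() error {
	// Identity certificates: each entry pairs a destination field with the
	// certificate and private-key files it is loaded from.
	keyPairs := []struct {
		dst       *tls.Certificate
		cert, key string
	}{
		{&cs.ClientCert1, "client_cert_1.pem", "client_key_1.pem"},
		{&cs.ClientCert2, "client_cert_2.pem", "client_key_2.pem"},
		{&cs.ServerCert1, "server_cert_1.pem", "server_key_1.pem"},
		{&cs.ServerCert2, "server_cert_2.pem", "server_key_2.pem"},
		{&cs.ServerPeer3, "server_cert_3.pem", "server_key_3.pem"},
	}
	for _, kp := range keyPairs {
		cert, err := tls.LoadX509KeyPair(testdata.Path(kp.cert), testdata.Path(kp.key))
		if err != nil {
			return fmt.Errorf("loading key pair %s/%s: %w", kp.cert, kp.key, err)
		}
		*kp.dst = cert
	}

	// Trust anchors: each entry pairs a destination pool with its PEM bundle.
	trustPools := []struct {
		dst  **x509.CertPool
		file string
	}{
		{&cs.ClientTrust1, "client_trust_cert_1.pem"},
		{&cs.ClientTrust2, "client_trust_cert_2.pem"},
		{&cs.ServerTrust1, "server_trust_cert_1.pem"},
		{&cs.ServerTrust2, "server_trust_cert_2.pem"},
	}
	for _, tp := range trustPools {
		pool, err := readTrustCert(testdata.Path(tp.file))
		if err != nil {
			return fmt.Errorf("loading trust pool %s: %w", tp.file, err)
		}
		*tp.dst = pool
	}
	return nil
}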