FilesExpand file tree

 main

/

common_mock.go

Copy path

BlameMore file actions

BlameMore file actions

Latest commit

 

History

History

History

101 lines (93 loc) · 2.62 KB

 main

/

common_mock.go

Top

File metadata and controls

• Code
• Blame

101 lines (93 loc) · 2.62 KB

Raw

Copy raw file

Download raw file

Open symbols panel

Edit and raw actions

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

//go:build integration

package integration

import (

"bytes"

"crypto/x509"

"encoding/base64"

"encoding/json"

"fmt"

"net/http"

berrors "github.com/letsencrypt/boulder/errors"

)

var ctSrvPorts = []int{4500, 4501, 4510, 4511}

// ctAddRejectHost adds a domain to all of the CT test server's reject-host

// lists. If this fails the test is aborted with a fatal error.

func ctAddRejectHost(domain string) error {

for _, port := range ctSrvPorts {

url := fmt.Sprintf("http://boulder:%d/add-reject-host", port)

body := []byte(fmt.Sprintf(`{"host": %q}`, domain))

resp, err := http.Post(url, "", bytes.NewBuffer(body))

if err != nil {

return err

}

if resp.StatusCode != http.StatusOK {

return fmt.Errorf("adding reject host: %d", resp.StatusCode)

}

resp.Body.Close()

}

return nil

}

// ctGetRejections returns a slice of base64 encoded certificates that were

// rejected by the CT test server at the specified port or an error.

func ctGetRejections(port int) ([]string, error) {

url := fmt.Sprintf("http://boulder:%d/get-rejections", port)

resp, err := http.Get(url)

if err != nil {

return nil, err

}

defer resp.Body.Close()

if resp.StatusCode != http.StatusOK {

return nil, fmt.Errorf(

"getting rejections: status %d", resp.StatusCode)

}

var rejections []string

err = json.NewDecoder(resp.Body).Decode(&rejections)

if err != nil {

return nil, err

}

return rejections, nil

}

// ctFindRejection returns a parsed x509.Certificate matching the given domains

// from the base64 certificates any CT test server rejected. If no rejected

// certificate matching the provided domains is found an error is returned.

func ctFindRejection(domains []string) (*x509.Certificate, error) {

// Collect up rejections from all of the ctSrvPorts

var rejections []string

for _, port := range ctSrvPorts {

r, err := ctGetRejections(port)

if err != nil {

continue

}

rejections = append(rejections, r...)

}

// Parse each rejection cert

var cert *x509.Certificate

RejectionLoop:

for _, r := range rejections {

precertDER, err := base64.StdEncoding.DecodeString(r)

if err != nil {

return nil, err

}

c, err := x509.ParseCertificate(precertDER)

if err != nil {

return nil, err

}

// If the cert doesn't have the right number of names it won't be a match.

if len(c.DNSNames) != len(domains) {

continue

}

// If any names don't match, it isn't a match

for i, name := range c.DNSNames {

if name != domains[i] {

continue RejectionLoop

}

}

// It's a match!

cert = c

break

}

if cert == nil {

return nil, berrors.NotFoundError("no matching ct-test-srv rejection found")

}

return cert, nil

}