本文整理汇总了Golang中github.com/letsencrypt/boulder/core.LoadCert函数的典型用法代码示例。如果您正苦于以下问题:Golang LoadCert函数的具体用法?Golang LoadCert怎么用?Golang LoadCert使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了LoadCert函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Golang代码示例。
示例1: readFiles
func readFiles(issuerFileName, responderFileName, targetFileName, pkcs11FileName string) (issuer, responder, target *x509.Certificate, pkcs11Config pkcs11key.Config, err error) {
// Issuer certificate
issuer, err = core.LoadCert(issuerFileName)
if err != nil {
return
}
// Responder certificate
responder, err = core.LoadCert(responderFileName)
if err != nil {
return
}
// Target certificate
target, err = core.LoadCert(targetFileName)
if err != nil {
return
}
// PKCS#11 config
pkcs11Bytes, err := ioutil.ReadFile(pkcs11FileName)
if err != nil {
return
}
err = json.Unmarshal(pkcs11Bytes, &pkcs11Config)
if pkcs11Config.Module == "" ||
pkcs11Config.TokenLabel == "" ||
pkcs11Config.PIN == "" ||
pkcs11Config.PrivateKeyLabel == "" {
err = fmt.Errorf("Missing a field in pkcs11Config %#v", pkcs11Config)
return
}
return
}示例2: TestGenerateOCSPResponses
func TestGenerateOCSPResponses(t *testing.T) {
updater, sa, _, fc, cleanUp := setup(t)
defer cleanUp()
reg := satest.CreateWorkingRegistration(t, sa)
parsedCert, err := core.LoadCert("test-cert.pem")
test.AssertNotError(t, err, "Couldn't read test certificate")
_, err = sa.AddCertificate(parsedCert.Raw, reg.ID)
test.AssertNotError(t, err, "Couldn't add test-cert.pem")
parsedCert, err = core.LoadCert("test-cert-b.pem")
test.AssertNotError(t, err, "Couldn't read test certificate")
_, err = sa.AddCertificate(parsedCert.Raw, reg.ID)
test.AssertNotError(t, err, "Couldn't add test-cert-b.pem")
earliest := fc.Now().Add(-time.Hour)
certs, err := updater.findStaleOCSPResponses(earliest, 10)
test.AssertNotError(t, err, "Couldn't find stale responses")
test.AssertEquals(t, len(certs), 2)
updater.generateOCSPResponses(certs)
certs, err = updater.findStaleOCSPResponses(earliest, 10)
test.AssertNotError(t, err, "Failed to find stale responses")
test.AssertEquals(t, len(certs), 0)
}示例3: TestServerTransportCredentials
func TestServerTransportCredentials(t *testing.T) {
acceptedSANs := map[string]struct{}{
"boulder-client": {},
}
goodCert, err := core.LoadCert("../../test/grpc-creds/boulder-client/cert.pem")
test.AssertNotError(t, err, "core.LoadCert('../../grpc-creds/boulder-client/cert.pem') failed")
badCert, err := core.LoadCert("../../test/test-root.pem")
test.AssertNotError(t, err, "core.LoadCert('../../test-root.pem') failed")
servTLSConfig := &tls.Config{}
// NewServerCredentials with a nil serverTLSConfig should return an error
_, err = NewServerCredentials(nil, acceptedSANs)
test.AssertEquals(t, err, NilServerConfigErr)
// A creds with a empty acceptedSANs list should consider any peer valid
wrappedCreds, err := NewServerCredentials(servTLSConfig, nil)
test.AssertNotError(t, err, "NewServerCredentials failed with nil acceptedSANs")
bcreds := wrappedCreds.(*serverTransportCredentials)
emptyState := tls.ConnectionState{}
err = bcreds.validateClient(emptyState)
test.AssertNotError(t, err, "validateClient() errored for emptyState")
wrappedCreds, err = NewServerCredentials(servTLSConfig, map[string]struct{}{})
test.AssertNotError(t, err, "NewServerCredentials failed with empty acceptedSANs")
bcreds = wrappedCreds.(*serverTransportCredentials)
err = bcreds.validateClient(emptyState)
test.AssertNotError(t, err, "validateClient() errored for emptyState")
// A creds given an empty TLS ConnectionState to verify should return an error
bcreds = &serverTransportCredentials{servTLSConfig, acceptedSANs}
err = bcreds.validateClient(emptyState)
test.AssertEquals(t, err, EmptyPeerCertsErr)
// A creds should reject peers that don't have a leaf certificate with
// a SAN on the accepted list.
wrongState := tls.ConnectionState{
PeerCertificates: []*x509.Certificate{badCert},
}
err = bcreds.validateClient(wrongState)
test.AssertEquals(t, err, SANNotAcceptedErr)
// A creds should accept peers that have a leaf certificate with a SAN
// that is on the accepted list
rightState := tls.ConnectionState{
PeerCertificates: []*x509.Certificate{goodCert},
}
err = bcreds.validateClient(rightState)
test.AssertNotError(t, err, "validateClient(rightState) failed")
// A creds configured with an IP SAN in the accepted list should accept a peer
// that has a leaf certificate containing an IP address SAN present in the
// accepted list.
acceptedIPSans := map[string]struct{}{
"127.0.0.1": {},
}
bcreds = &serverTransportCredentials{servTLSConfig, acceptedIPSans}
err = bcreds.validateClient(rightState)
test.AssertNotError(t, err, "validateClient(rightState) failed with an IP accepted SAN list")
}示例4: TestFindStaleOCSPResponses
func TestFindStaleOCSPResponses(t *testing.T) {
updater, sa, _, fc, cleanUp := setup(t)
defer cleanUp()
reg := satest.CreateWorkingRegistration(t, sa)
parsedCert, err := core.LoadCert("test-cert.pem")
test.AssertNotError(t, err, "Couldn't read test certificate")
_, err = sa.AddCertificate(parsedCert.Raw, reg.ID)
test.AssertNotError(t, err, "Couldn't add www.eff.org.der")
earliest := fc.Now().Add(-time.Hour)
certs, err := updater.findStaleOCSPResponses(earliest, 10)
test.AssertNotError(t, err, "Couldn't find certificate")
test.AssertEquals(t, len(certs), 1)
status, err := sa.GetCertificateStatus(core.SerialToString(parsedCert.SerialNumber))
test.AssertNotError(t, err, "Couldn't get the core.Certificate from the database")
meta, err := updater.generateResponse(status)
test.AssertNotError(t, err, "Couldn't generate OCSP response")
err = updater.storeResponse(meta)
test.AssertNotError(t, err, "Couldn't store OCSP response")
certs, err = updater.findStaleOCSPResponses(earliest, 10)
test.AssertNotError(t, err, "Failed to find stale responses")
test.AssertEquals(t, len(certs), 0)
}示例5: TestGenerateAndStoreOCSPResponse
func TestGenerateAndStoreOCSPResponse(t *testing.T) {
updater, sa, _, _, cleanUp := setup(t)
defer cleanUp()
reg := satest.CreateWorkingRegistration(t, sa)
parsedCert, err := core.LoadCert("test-cert.pem")
test.AssertNotError(t, err, "Couldn't read test certificate")
_, err = sa.AddCertificate(parsedCert.Raw, reg.ID)
test.AssertNotError(t, err, "Couldn't add www.eff.org.der")
status, err := sa.GetCertificateStatus(core.SerialToString(parsedCert.SerialNumber))
test.AssertNotError(t, err, "Couldn't get the core.CertificateStatus from the database")
meta, err := updater.generateResponse(status)
test.AssertNotError(t, err, "Couldn't generate OCSP response")
err = updater.storeResponse(meta)
test.AssertNotError(t, err, "Couldn't store certificate status")
secondMeta, err := updater.generateRevokedResponse(status)
test.AssertNotError(t, err, "Couldn't generate revoked OCSP response")
err = updater.storeResponse(secondMeta)
test.AssertNotError(t, err, "Couldn't store certificate status")
newStatus, err := sa.GetCertificateStatus(status.Serial)
test.AssertNotError(t, err, "Couldn't retrieve certificate status")
test.AssertByteEquals(t, meta.OCSPResponse, newStatus.OCSPResponse)
}示例6: TestStoreResponseGuard
func TestStoreResponseGuard(t *testing.T) {
updater, sa, _, _, cleanUp := setup(t)
defer cleanUp()
reg := satest.CreateWorkingRegistration(t, sa)
parsedCert, err := core.LoadCert("test-cert.pem")
test.AssertNotError(t, err, "Couldn't read test certificate")
_, err = sa.AddCertificate(parsedCert.Raw, reg.ID)
test.AssertNotError(t, err, "Couldn't add www.eff.org.der")
status, err := sa.GetCertificateStatus(core.SerialToString(parsedCert.SerialNumber))
test.AssertNotError(t, err, "Failed to get certificate status")
status.OCSPResponse = []byte{0}
err = updater.storeResponse(&status, core.OCSPStatusRevoked)
test.AssertNotError(t, err, "Failed to update certificate status")
unchangedStatus, err := sa.GetCertificateStatus(core.SerialToString(parsedCert.SerialNumber))
test.AssertNotError(t, err, "Failed to get certificate status")
test.AssertEquals(t, len(unchangedStatus.OCSPResponse), 0)
err = updater.storeResponse(&status, core.OCSPStatusGood)
test.AssertNotError(t, err, "Failed to updated certificate status")
changedStatus, err := sa.GetCertificateStatus(core.SerialToString(parsedCert.SerialNumber))
test.AssertNotError(t, err, "Failed to get certificate status")
test.AssertEquals(t, len(changedStatus.OCSPResponse), 1)
}示例7: main
func main() {
app := cmd.NewAppShell("boulder-ca", "Handles issuance operations")
app.Action = func(c cmd.Config, stats statsd.Statter, auditlogger *blog.AuditLogger) {
// Validate PA config and set defaults if needed
cmd.FailOnError(c.PA.CheckChallenges(), "Invalid PA configuration")
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
defer auditlogger.AuditPanic()
blog.SetAuditLogger(auditlogger)
go cmd.DebugServer(c.CA.DebugAddr)
dbURL, err := c.PA.DBConfig.URL()
cmd.FailOnError(err, "Couldn't load DB URL")
paDbMap, err := sa.NewDbMap(dbURL)
cmd.FailOnError(err, "Couldn't connect to policy database")
pa, err := policy.NewPolicyAuthorityImpl(paDbMap, c.PA.EnforcePolicyWhitelist, c.PA.Challenges)
cmd.FailOnError(err, "Couldn't create PA")
priv, err := loadPrivateKey(c.CA.Key)
cmd.FailOnError(err, "Couldn't load private key")
issuer, err := core.LoadCert(c.Common.IssuerCert)
cmd.FailOnError(err, "Couldn't load issuer cert")
cai, err := ca.NewCertificateAuthorityImpl(
c.CA,
clock.Default(),
stats,
issuer,
priv,
c.KeyPolicy())
cmd.FailOnError(err, "Failed to create CA impl")
cai.PA = pa
go cmd.ProfileCmd("CA", stats)
amqpConf := c.CA.AMQP
cai.SA, err = rpc.NewStorageAuthorityClient(clientName, amqpConf, stats)
cmd.FailOnError(err, "Failed to create SA client")
cai.Publisher, err = rpc.NewPublisherClient(clientName, amqpConf, stats)
cmd.FailOnError(err, "Failed to create Publisher client")
cas, err := rpc.NewAmqpRPCServer(amqpConf, c.CA.MaxConcurrentRPCServerRequests, stats)
cmd.FailOnError(err, "Unable to create CA RPC server")
rpc.NewCertificateAuthorityServer(cas, cai)
err = cas.Start(amqpConf)
cmd.FailOnError(err, "Unable to run CA RPC server")
}
app.Run()
}示例8: init
func init() {
var err error
caKey, err = helpers.ParsePrivateKeyPEM(mustRead(caKeyFile))
if err != nil {
panic(fmt.Sprintf("Unable to parse %s: %s", caKeyFile, err))
}
caCert, err = core.LoadCert(caCertFile)
if err != nil {
panic(fmt.Sprintf("Unable to parse %s: %s", caCertFile, err))
}
}示例9: TestGetCertificatesWithMissingResponses
func TestGetCertificatesWithMissingResponses(t *testing.T) {
updater, sa, _, _, cleanUp := setup(t)
defer cleanUp()
reg := satest.CreateWorkingRegistration(t, sa)
cert, err := core.LoadCert("test-cert.pem")
test.AssertNotError(t, err, "Couldn't read test certificate")
_, err = sa.AddCertificate(cert.Raw, reg.ID)
test.AssertNotError(t, err, "Couldn't add www.eff.org.der")
statuses, err := updater.getCertificatesWithMissingResponses(10)
test.AssertNotError(t, err, "Couldn't get status")
test.AssertEquals(t, len(statuses), 1)
}示例10: loadIssuer
func loadIssuer(issuerConfig cmd.IssuerConfig) (crypto.Signer, *x509.Certificate, error) {
cert, err := core.LoadCert(issuerConfig.CertFile)
if err != nil {
return nil, nil, err
}
signer, err := loadSigner(issuerConfig)
if err != nil {
return nil, nil, err
}
if !core.KeyDigestEquals(signer.Public(), cert.PublicKey) {
return nil, nil, fmt.Errorf("Issuer key did not match issuer cert %s", issuerConfig.CertFile)
}
return signer, cert, err
}示例11: TestOldOCSPResponsesTick
func TestOldOCSPResponsesTick(t *testing.T) {
updater, sa, _, fc, cleanUp := setup(t)
defer cleanUp()
reg := satest.CreateWorkingRegistration(t, sa)
parsedCert, err := core.LoadCert("test-cert.pem")
test.AssertNotError(t, err, "Couldn't read test certificate")
_, err = sa.AddCertificate(parsedCert.Raw, reg.ID)
test.AssertNotError(t, err, "Couldn't add www.eff.org.der")
updater.ocspMinTimeToExpiry = 1 * time.Hour
updater.oldOCSPResponsesTick(10)
certs, err := updater.findStaleOCSPResponses(fc.Now().Add(-updater.ocspMinTimeToExpiry), 10)
test.AssertNotError(t, err, "Failed to find stale responses")
test.AssertEquals(t, len(certs), 0)
}示例12: TestMissingReceiptsTick
func TestMissingReceiptsTick(t *testing.T) {
updater, sa, _, _, cleanUp := setup(t)
defer cleanUp()
reg := satest.CreateWorkingRegistration(t, sa)
parsedCert, err := core.LoadCert("test-cert.pem")
test.AssertNotError(t, err, "Couldn't read test certificate")
_, err = sa.AddCertificate(parsedCert.Raw, reg.ID)
test.AssertNotError(t, err, "Couldn't add www.eff.org.der")
updater.numLogs = 1
updater.oldestIssuedSCT = 1 * time.Hour
updater.missingReceiptsTick(10)
count, err := updater.getNumberOfReceipts("00")
test.AssertNotError(t, err, "Couldn't get number of receipts")
test.AssertEquals(t, count, 1)
}示例13: TestFindRevokedCertificatesToUpdate
func TestFindRevokedCertificatesToUpdate(t *testing.T) {
updater, sa, _, _, cleanUp := setup(t)
defer cleanUp()
reg := satest.CreateWorkingRegistration(t, sa)
cert, err := core.LoadCert("test-cert.pem")
test.AssertNotError(t, err, "Couldn't read test certificate")
_, err = sa.AddCertificate(cert.Raw, reg.ID)
test.AssertNotError(t, err, "Couldn't add www.eff.org.der")
statuses, err := updater.findRevokedCertificatesToUpdate(10)
test.AssertNotError(t, err, "Failed to find revoked certificates")
test.AssertEquals(t, len(statuses), 0)
err = sa.MarkCertificateRevoked(core.SerialToString(cert.SerialNumber), core.RevocationCode(1))
test.AssertNotError(t, err, "Failed to revoke certificate")
statuses, err = updater.findRevokedCertificatesToUpdate(10)
test.AssertNotError(t, err, "Failed to find revoked certificates")
test.AssertEquals(t, len(statuses), 1)
}示例14: TestStoreResponseGuard
func TestStoreResponseGuard(t *testing.T) {
updater, sa, _, _, cleanUp := setup(t)
defer cleanUp()
reg := satest.CreateWorkingRegistration(t, sa)
parsedCert, err := core.LoadCert("test-cert.pem")
test.AssertNotError(t, err, "Couldn't read test certificate")
_, err = sa.AddCertificate(parsedCert.Raw, reg.ID)
test.AssertNotError(t, err, "Couldn't add www.eff.org.der")
status, err := sa.GetCertificateStatus(core.SerialToString(parsedCert.SerialNumber))
test.AssertNotError(t, err, "Failed to get certificate status")
err = sa.MarkCertificateRevoked(core.SerialToString(parsedCert.SerialNumber), 0)
test.AssertNotError(t, err, "Failed to revoked certificate")
// Attempt to update OCSP response where status.Status is good but stored status
// is revoked, this should fail silently
status.OCSPResponse = []byte{0, 1, 1}
err = updater.storeResponse(&status)
test.AssertNotError(t, err, "Failed to update certificate status")
// Make sure the OCSP response hasn't actually changed
unchangedStatus, err := sa.GetCertificateStatus(core.SerialToString(parsedCert.SerialNumber))
test.AssertNotError(t, err, "Failed to get certificate status")
test.AssertEquals(t, len(unchangedStatus.OCSPResponse), 0)
// Changing the status to the stored status should allow the update to occur
status.Status = core.OCSPStatusRevoked
err = updater.storeResponse(&status)
test.AssertNotError(t, err, "Failed to updated certificate status")
// Make sure the OCSP response has been updated
changedStatus, err := sa.GetCertificateStatus(core.SerialToString(parsedCert.SerialNumber))
test.AssertNotError(t, err, "Failed to get certificate status")
test.AssertEquals(t, len(changedStatus.OCSPResponse), 3)
}示例15: TestIssueCertificateMultipleIssuers
// Test issuing when multiple issuers are present.
func TestIssueCertificateMultipleIssuers(t *testing.T) {
testCtx := setup(t)
// Load multiple issuers, and ensure the first one in the list is used.
newIssuerCert, err := core.LoadCert("../test/test-ca2.pem")
test.AssertNotError(t, err, "Failed to load new cert")
newIssuers := []Issuer{
{
Signer: caKey,
// newIssuerCert is first, so it will be the default.
Cert: newIssuerCert,
}, {
Signer: caKey,
Cert: caCert,
},
}
ca, err := NewCertificateAuthorityImpl(
testCtx.caConfig,
testCtx.fc,
testCtx.stats,
newIssuers,
testCtx.keyPolicy,
testCtx.logger)
test.AssertNotError(t, err, "Failed to remake CA")
ca.Publisher = &mocks.Publisher{}
ca.PA = testCtx.pa
ca.SA = &mockSA{}
csr, _ := x509.ParseCertificateRequest(CNandSANCSR)
issuedCert, err := ca.IssueCertificate(ctx, *csr, 1001)
test.AssertNotError(t, err, "Failed to sign certificate")
cert, err := x509.ParseCertificate(issuedCert.DER)
test.AssertNotError(t, err, "Certificate failed to parse")
// Verify cert was signed by newIssuerCert, not caCert.
err = cert.CheckSignatureFrom(newIssuerCert)
test.AssertNotError(t, err, "Certificate failed signature validation")
}