
     1  package test
     2  
     3  import (
     4  	"crypto/tls"
     5  	"fmt"
     6  	"github.com/valyala/fasthttp"
     7  	"github.com/ztalab/ZACA/pkg/caclient"
     8  	"github.com/ztalab/ZACA/pkg/spiffe"
     9  	"github.com/ztalab/cfssl/helpers"
    10  	cflog "github.com/ztalab/cfssl/log"
    11  	"net"
    12  	"net/http"
    13  	"os"
    14  	"testing"
    15  	"time"
    16  )
    17  
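// TestMTls is an integration test of the mutual-TLS exchange: it asks the
// CA at https://127.0.0.1:8081 (OCSP at http://127.0.0.1:8082) for a server
// and a client exchanger, derives TLS configs from both, starts a local TLS
// server in the background and issues a few HTTPS requests through the
// client config. It requires the CA to be running and fails fast when it is
// not, instead of dereferencing nil exchangers or responses.
//
// t is the test context; every setup failure is fatal because later steps
// cannot run without the exchangers.
func TestMTls(t *testing.T) {
	cflog.Level = cflog.LevelDebug
	// NOTE(review): the OCSP address and the local test server below both
	// use port 8082 — confirm this overlap is intended.
	c := caclient.NewCAI(
		caclient.WithCAServer(caclient.RoleDefault, "https://127.0.0.1:8081"),
		caclient.WithOcspAddr("http://127.0.0.1:8082"))

	// Each NewExchanger error is checked on its own; previously the server
	// error was overwritten by the client one before it was inspected.
	serverEx, err := c.NewExchanger(&spiffe.IDGIdentity{
		SiteID:    "test_site",
		ClusterID: "cluster_test",
		UniqueID:  "server1",
	})
	if err != nil {
		t.Fatal("server transport Error: ", err)
	}
	clientEx, err := c.NewExchanger(&spiffe.IDGIdentity{
		SiteID:    "test_site",
		ClusterID: "cluster_test",
		UniqueID:  "client1",
	})
	if err != nil {
		t.Fatal("client transport Error: ", err)
	}

	serverTls, err := serverEx.ServerTLSConfig()
	if err != nil {
		t.Fatal("Server TLS get error: ", err)
	}
	// The trust bundles are printed for manual inspection of the exchange.
	fmt.Println("------------- Server trust certificate --------------")
	fmt.Println(string(helpers.EncodeCertificatesPEM(serverEx.Transport.ClientTrustStore.Certificates())))
	fmt.Println("------------- END Server trust certificate --------------")

	// NOTE(review): ClientTLSConfig is called with an empty argument — confirm
	// the peer identity the client expects is still verified with this value.
	clientTls, err := clientEx.ClientTLSConfig("")
	if err != nil {
		t.Fatal("client tls config get error: ", err)
	}
	fmt.Println("------------- Client trust certificate --------------")
	fmt.Println(string(helpers.EncodeCertificatesPEM(clientEx.Transport.TrustStore.Certificates())))
	fmt.Println("------------- END Client trust certificate --------------")

	// The server goroutine has no stop signal; it lives until the test
	// binary exits.
	go httpsServer(serverTls.TLSConfig())
	client := httpClient(clientTls.TLSConfig())
	// Crude readiness wait: httpsServer offers no "listening" notification.
	time.Sleep(2 * time.Second)

	var messages = []string{"hello world", "hello", "world"}
	for range messages {
		resp, err := client.Get("https://127.0.0.1:8082/test111111")
		if err != nil {
			// resp is nil on error; report and skip instead of dereferencing it.
			fmt.Fprint(os.Stderr, "request was aborted: ", err)
			t.Fail()
			continue
		}
		// Close the body so the transport can release the connection.
		resp.Body.Close()
		fmt.Println("Request succeeded: ", resp.Status)
	}
}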
    69  
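// httpClient builds an HTTP client whose transport uses cfg for TLS.
//
// cfg is handed to the transport unchanged (a nil cfg leaves net/http on its
// default TLS settings). A client-wide timeout is set so that a hung test
// server cannot block the caller indefinitely; the original client had none.
func httpClient(cfg *tls.Config) *http.Client {
	return &http.Client{
		Timeout: 10 * time.Second,
		Transport: &http.Transport{
			TLSClientConfig:     cfg,
			MaxIdleConns:        50,
			MaxIdleConnsPerHost: 50,
		},
	}
}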
    80  
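// httpsServer serves a fixed response over TLS on 127.0.0.1:8082 until
// fasthttp.Serve returns. It blocks, so callers run it in a goroutine.
// Listen and Serve failures panic, which is acceptable only because this is
// test scaffolding.
//
// The listener is bound to loopback rather than 0.0.0.0 so the test server
// is not reachable from other hosts while the test runs; the test client
// dials 127.0.0.1, so nothing else is needed.
func httpsServer(cfg *tls.Config) {
	if cfg == nil {
		panic("httpsServer: nil TLS config")
	}
	ln, err := net.Listen("tcp4", "127.0.0.1:8082")
	if err != nil {
		panic(err)
	}
	defer ln.Close()

	lnTls := tls.NewListener(ln, cfg)

	handler := func(ctx *fasthttp.RequestCtx) {
		// The raw request is echoed to stdout for manual inspection.
		fmt.Println("Server reception: ", ctx.Request.String())
		ctx.SetStatusCode(fasthttp.StatusOK)
		ctx.SetBody([]byte("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"))
	}
	if err := fasthttp.Serve(lnTls, handler); err != nil {
		panic(err)
	}
}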