google.golang.org/grpc@v1.72.2/internal/testutils/tls_creds.go (about)

     1  /*
     2   *
     3   * Copyright 2024 gRPC authors.
     4   *
     5   * Licensed under the Apache License, Version 2.0 (the "License");
     6   * you may not use this file except in compliance with the License.
     7   * You may obtain a copy of the License at
     8   *
     9   *     http://www.apache.org/licenses/LICENSE-2.0
    10   *
    11   * Unless required by applicable law or agreed to in writing, software
    12   * distributed under the License is distributed on an "AS IS" BASIS,
    13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    14   * See the License for the specific language governing permissions and
    15   * limitations under the License.
    16   */
    17  
    18  package testutils
    19  
    20  import (
    21  	"crypto/tls"
    22  	"crypto/x509"
    23  	"os"
    24  	"testing"
    25  
    26  	"google.golang.org/grpc/credentials"
    27  	"google.golang.org/grpc/testdata"
    28  )
    29  
// CreateClientTLSCredentials returns client-side TLS transport credentials for
// use in tests. The client identity is the client1 certificate/key pair and the
// trust anchors are read from server_ca_cert.pem, all located through
// testdata.Path under x509/. Any load or parse failure aborts the calling test.
//
// InsecureSkipVerify is left at its zero value, so the server's chain is
// verified against the loaded roots and its certificate is checked against the
// fixed ServerName below. The key pair is a test fixture and must not be used
// as a credential outside tests.
func CreateClientTLSCredentials(t *testing.T) credentials.TransportCredentials {
	t.Helper()

	// Client identity presented to servers that request a certificate.
	certPath := testdata.Path("x509/client1_cert.pem")
	keyPath := testdata.Path("x509/client1_key.pem")
	clientCert, err := tls.LoadX509KeyPair(certPath, keyPath)
	if err != nil {
		t.Fatalf("tls.LoadX509KeyPair(x509/client1_cert.pem, x509/client1_key.pem) failed: %v", err)
	}

	// Trust only the test CA; the system root store is not consulted once
	// RootCAs is set.
	caPEM, err := os.ReadFile(testdata.Path("x509/server_ca_cert.pem"))
	if err != nil {
		t.Fatalf("os.ReadFile(x509/server_ca_cert.pem) failed: %v", err)
	}
	rootPool := x509.NewCertPool()
	if ok := rootPool.AppendCertsFromPEM(caPEM); !ok {
		t.Fatal("Failed to append certificates")
	}

	tlsCfg := &tls.Config{
		Certificates: []tls.Certificate{clientCert},
		RootCAs:      rootPool,
		// Name the server certificate is verified against; presumably a
		// name the testdata server certificate is issued for (confirm
		// against the fixture).
		ServerName: "x.test.example.com",
	}
	return credentials.NewTLS(tlsCfg)
}
    53  
// CreateServerTLSCredentials returns server-side TLS transport credentials for
// use in tests. The server identity is the server1 certificate/key pair and the
// client CA pool is read from client_ca_cert.pem, all located through
// testdata.Path under x509/. Any load or parse failure aborts the calling test.
//
// clientAuth is passed through unchanged as the tls.Config ClientAuth policy.
// crypto/tls only verifies a client certificate against ClientCAs for the
// verifying policies (tls.VerifyClientCertIfGiven and
// tls.RequireAndVerifyClientCert); with any other value the pool is loaded but
// no client chain is validated, so a test that means to exercise mutual TLS
// should pass tls.RequireAndVerifyClientCert. The key pair is a test fixture
// and must not be used as a credential outside tests.
func CreateServerTLSCredentials(t *testing.T, clientAuth tls.ClientAuthType) credentials.TransportCredentials {
	t.Helper()

	// Server identity presented during the handshake.
	certPath := testdata.Path("x509/server1_cert.pem")
	keyPath := testdata.Path("x509/server1_key.pem")
	serverCert, err := tls.LoadX509KeyPair(certPath, keyPath)
	if err != nil {
		t.Fatalf("tls.LoadX509KeyPair(x509/server1_cert.pem, x509/server1_key.pem) failed: %v", err)
	}

	// CA pool used to validate client certificates when clientAuth asks for
	// verification.
	caPEM, err := os.ReadFile(testdata.Path("x509/client_ca_cert.pem"))
	if err != nil {
		t.Fatalf("os.ReadFile(x509/client_ca_cert.pem) failed: %v", err)
	}
	clientCAPool := x509.NewCertPool()
	if ok := clientCAPool.AppendCertsFromPEM(caPEM); !ok {
		t.Fatal("Failed to append certificates")
	}

	tlsCfg := &tls.Config{
		ClientAuth:   clientAuth,
		Certificates: []tls.Certificate{serverCert},
		ClientCAs:    clientCAPool,
	}
	return credentials.NewTLS(tlsCfg)
}