Constants for per-operation choices.
const (
ParamTooBig = Choice("ParamTooBig")
Param2TooBig = Choice("Param2TooBig")
ParamNegative = Choice("ParamNegative")
ParamInvalid = Choice("ParamInvalid")
ParamsInverted = Choice("ParamsInverted")
InvalidBase64 = Choice("InvalidBase64")
EmptyChain = Choice("EmptyChain")
CertNotPrecert = Choice("CertNotPrecert")
PrecertNotCert = Choice("PrecertNotCert")
NoChainToRoot = Choice("NoChainToRoot")
UnparsableCert = Choice("UnparsableCert")
NewCert = Choice("NewCert")
LastCert = Choice("LastCert")
FirstCert = Choice("FirstCert")
)
DefaultTransport is a http Transport more suited for use in the hammer context. In particular it increases the number of reusable connections to the same host. This helps to prevent starvation of ports through TIME_WAIT when using the hammer with a high number of parallel chain submissions.
var DefaultTransport = &http.Transport{ Proxy: http.ProxyFromEnvironment, DialContext: (&net.Dialer{ Timeout: 30 * time.Second, KeepAlive: 30 * time.Second, }).DialContext, MaxIdleConns: 1000, MaxIdleConnsPerHost: 1000, IdleConnTimeout: 90 * time.Second, TLSHandshakeTimeout: 10 * time.Second, ExpectContinueTimeout: 1 * time.Second, }
func CertsFromPEM(data []byte) []ct.ASN1Cert
CertsFromPEM loads X.509 certificates from the provided PEM-encoded data.
func GetChain(dir, path string) ([]ct.ASN1Cert, error)
GetChain retrieves a certificate from a file of the given name and directory.
func HammerCTLog(ctx context.Context, cfg HammerConfig) error
HammerCTLog performs load/stress operations according to given config.
func MakeSigner(testDir string) (crypto.Signer, error)
MakeSigner creates a signer using the private key in the test directory.
func NotAfterForLog(c *configpb.LogConfig) (time.Time, error)
NotAfterForLog returns a NotAfter time to be used for certs submitted to the given log instance, allowing for any temporal shard configuration.
func RunCTIntegrationForLog(cfg *configpb.LogConfig, servers, metricsServers, testdir string, mmd time.Duration, stats *logStats) error
RunCTIntegrationForLog tests against the log with configuration cfg, with a set of comma-separated server addresses given by servers, assuming that testdir holds a variety of test data files. nolint: gocyclo
func RunCTLifecycleForLog(cfg *configpb.LogConfig, servers, metricsServers, adminServer string, testDir string, mmd time.Duration, stats *logStats) error
RunCTLifecycleForLog does a simple log lifecycle test. The log is assumed to be newly created when this test runs. A random number of entries are then submitted to build up a queue. The log is set to DRAINING state and the test checks that all the entries are integrated into the tree and we can verify a consistency proof to the latest entry.
CTLogEnv is a test environment that contains both a log server and a CT personality connected to it.
type CTLogEnv struct {
CTAddr string
// contains filtered or unexported fields
}
func NewCTLogEnv(ctx context.Context, cfgs []*configpb.LogConfig, numSequencers int, testID string) (*CTLogEnv, error)
NewCTLogEnv creates a fresh DB, log server, and CT personality. testID should be unique to each unittest package so as to allow parallel tests. Created logIDs will be set to cfgs.
func (env *CTLogEnv) Close()
Close shuts down the servers.
ChainGenerator encapsulates objects that can generate certificate chains for testing.
type ChainGenerator interface {
// CertChain generates a certificate chain.
CertChain() ([]ct.ASN1Cert, error)
// PreCertChain generates a precertificate chain, and also returns the leaf TBS data
PreCertChain() ([]ct.ASN1Cert, []byte, error)
}
func NewCopyChainGenerator(ctx context.Context, client *client.LogClient, cfg *configpb.LogConfig, startIndex int64, bufSize int) (ChainGenerator, error)
NewCopyChainGenerator builds a certificate chain generator that sources chains from another source log, starting at startIndex (or a random index in the current tree size if startIndex is negative). This function starts background goroutines that scan the log; cancelling the context will terminate these goroutines (after that the [Pre]CertChain() entrypoints will permanently fail).
func NewCopyChainGeneratorFromOpts(ctx context.Context, client *client.LogClient, cfg *configpb.LogConfig, opts CopyChainOptions) (ChainGenerator, error)
NewCopyChainGeneratorFromOpts builds a certificate chain generator that sources chains from another source log, starting at opts.StartIndex (or a random index in the current tree size if this is negative). This function starts background goroutines that scan the log; cancelling the context will terminate these goroutines (after that the [Pre]CertChain() entrypoints will permanently fail).
func NewSyntheticChainGenerator(chain []ct.ASN1Cert, signer crypto.Signer, notAfter time.Time) (ChainGenerator, error)
NewSyntheticChainGenerator returns a ChainGenerator that mints synthetic certificates based on the given template chain. The provided signer should match the public key of the first issuer cert.
Choice represents a random decision about a hammer operation.
type Choice string
ClientPool describes an entity which produces LogClient instances.
type ClientPool interface {
// Next returns the next LogClient instance to be used.
Next() *client.LogClient
}
func NewRandomPool(servers string, pubKey *keyspb.PublicKey, prefix string) (ClientPool, error)
NewRandomPool creates a pool which returns a random client from list of servers.
CopyChainGenerator creates certificate chains by copying suitable examples from a source log.
type CopyChainGenerator struct {
// contains filtered or unexported fields
}
func (g *CopyChainGenerator) CertChain() ([]ct.ASN1Cert, error)
CertChain returns a new cert chain taken from the source log. This may block until a suitable cert has been discovered in the source log.
func (g *CopyChainGenerator) PreCertChain() ([]ct.ASN1Cert, []byte, error)
PreCertChain returns a new precert chain taken from the source log. This may block until a suitable precert has been discovered in the source log.
CopyChainOptions describes the parameters for a CopyChainGenerator instance.
type CopyChainOptions struct {
// StartIndex indicates where to start scanning; negative value implies starting from a random position.
StartIndex int64
// BufSize is the number of buffered chains to hold.
BufSize int
// BatchSize indicates how many entries should be requested from the source log at a time.
BatchSize int
// ParallelFetch indicates how many parallel entry fetchers to run.
ParallelFetch int
}
GeneratorFactory is a method that builds a Log-specific ChainGenerator.
type GeneratorFactory func(c *configpb.LogConfig) (ChainGenerator, error)
func SyntheticGeneratorFactory(testDir, leafNotAfter string) (GeneratorFactory, error)
SyntheticGeneratorFactory returns a function that creates per-Log ChainGenerator instances that create synthetic certificates (details of which are specified by the arguments).
HammerBias indicates the bias for selecting different log operations.
type HammerBias struct {
Bias map[ctfe.EntrypointName]int
// InvalidChance gives the odds of performing an invalid operation, as the N in 1-in-N.
InvalidChance map[ctfe.EntrypointName]int
// contains filtered or unexported fields
}
func (hb HammerBias) Choose() ctfe.EntrypointName
Choose randomly picks an operation to perform according to the biases.
func (hb HammerBias) Invalid(ep ctfe.EntrypointName) bool
Invalid randomly chooses whether an operation should be invalid.
HammerConfig provides configuration for a stress/load test.
type HammerConfig struct {
// Configuration for the log.
LogCfg *configpb.LogConfig
// How to create process-wide metrics.
MetricFactory monitoring.MetricFactory
// Maximum merge delay.
MMD time.Duration
// Certificate chain generator.
ChainGenerator ChainGenerator
// ClientPool provides the clients used to make requests.
ClientPool ClientPool
// Bias values to favor particular log operations.
EPBias HammerBias
// Range of how many entries to get.
MinGetEntries, MaxGetEntries int
// OversizedGetEntries governs whether get-entries requests that go beyond the
// current tree size are allowed (with a truncated response expected).
OversizedGetEntries bool
// Number of operations to perform.
Operations uint64
// Rate limiter
Limiter Limiter
// MaxParallelChains sets the upper limit for the number of parallel
// add-*-chain requests to make when the biasing model says to perform an add.
MaxParallelChains int
// EmitInterval defines how frequently stats are logged.
EmitInterval time.Duration
// IgnoreErrors controls whether a hammer run fails immediately on any error.
IgnoreErrors bool
// MaxRetryDuration governs how long to keep retrying when IgnoreErrors is true.
MaxRetryDuration time.Duration
// RequestDeadline indicates the deadline to set on each request to the log.
RequestDeadline time.Duration
// DuplicateChance sets the probability of attempting to add a duplicate when
// calling add[-pre]-chain (as the N in 1-in-N). Set to 0 to disable sending
// duplicates.
DuplicateChance int
// StrictSTHConsistencySize if set to true will cause Hammer to only request
// STH consistency proofs between tree sizes for which it's seen valid STHs.
// If set to false, Hammer will request a consistency proof between the
// current tree size, and a random smaller size greater than zero.
StrictSTHConsistencySize bool
}
Limiter is an interface to allow different rate limiters to be used with the hammer.
type Limiter interface {
Wait(context.Context) error
}
RandomPool holds a collection of CT LogClient instances.
type RandomPool []*client.LogClient
func (p RandomPool) Next() *client.LogClient
Next picks a random client from the pool.
SyntheticChainGenerator builds synthetic certificate chains based on a template chain and intermediate CA private key.
type SyntheticChainGenerator struct {
// contains filtered or unexported fields
}
func (g *SyntheticChainGenerator) CertChain() ([]ct.ASN1Cert, error)
CertChain builds a new synthetic chain with a fresh leaf cert, changing SubjectKeyId and re-signing.
func (g *SyntheticChainGenerator) PreCertChain() ([]ct.ASN1Cert, []byte, error)
PreCertChain builds a new synthetic precert chain; also returns the leaf TBS data.