...

Source file src/github.com/googleapis/enterprise-certificate-proxy/internal/signer/test/signer.go

Documentation: github.com/googleapis/enterprise-certificate-proxy/internal/signer/test 

     1  // Copyright 2022 Google LLC.
     2  // Licensed under the Apache License, Version 2.0 (the "License");
     3  // you may not use this file except in compliance with the License.
     4  // You may obtain a copy of the License at
     5  //
     6  //     https://www.apache.org/licenses/LICENSE-2.0
     7  //
     8  // Unless required by applicable law or agreed to in writing, software
     9  // distributed under the License is distributed on an "AS IS" BASIS,
    10  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    11  // See the License for the specific language governing permissions and
    12  // limitations under the License.
    13  
    14  // signer.go is a net/rpc server that listens on stdin/stdout, exposing
    15  // mock methods for testing client.go.
    16  package main
    17  
    18  import (
    19  	"crypto"
    20  	"crypto/tls"
    21  	"crypto/x509"
    22  	"io"
    23  	"log"
    24  	"net/rpc"
    25  	"os"
    26  	"time"
    27  )
    28  
    29  // SignArgs encapsulate the parameters for the Sign method.
    30  type SignArgs struct {
    31  	Digest []byte
    32  	Opts   crypto.SignerOpts
    33  }
    34  
    35  // EncryptArgs encapsulate the parameters for the Encrypt method.
    36  type EncryptArgs struct {
    37  	Plaintext []byte
    38  }
    39  
    40  // DecryptArgs encapsulate the parameters for the Decrypt method.
    41  type DecryptArgs struct {
    42  	Ciphertext []byte
    43  }
    44  
    45  // EnterpriseCertSigner exports RPC methods for signing.
    46  type EnterpriseCertSigner struct {
    47  	cert *tls.Certificate
    48  }
    49  
    50  // Connection wraps a pair of unidirectional streams as an io.ReadWriteCloser.
    51  type Connection struct {
    52  	io.ReadCloser
    53  	io.WriteCloser
    54  }
    55  
    56  // Close closes c's underlying ReadCloser and WriteCloser.
    57  func (c *Connection) Close() error {
    58  	rerr := c.ReadCloser.Close()
    59  	werr := c.WriteCloser.Close()
    60  	if rerr != nil {
    61  		return rerr
    62  	}
    63  	return werr
    64  }
    65  
    66  // CertificateChain returns the credential as a raw X509 cert chain. This
    67  // contains the public key.
    68  func (k *EnterpriseCertSigner) CertificateChain(ignored struct{}, certificateChain *[][]byte) error {
    69  	*certificateChain = k.cert.Certificate
    70  	return nil
    71  }
    72  
    73  // Public returns the first public key for this Key, in ASN.1 DER form.
    74  func (k *EnterpriseCertSigner) Public(ignored struct{}, publicKey *[]byte) (err error) {
    75  	if len(k.cert.Certificate) == 0 {
    76  		return nil
    77  	}
    78  	cert, err := x509.ParseCertificate(k.cert.Certificate[0])
    79  	if err != nil {
    80  		return err
    81  	}
    82  	*publicKey, err = x509.MarshalPKIXPublicKey(cert.PublicKey)
    83  	return err
    84  }
    85  
    86  // Sign signs a message digest. For testing, we return the input as-is.
    87  func (k *EnterpriseCertSigner) Sign(args SignArgs, resp *[]byte) (err error) {
    88  	*resp = args.Digest
    89  	return nil
    90  }
    91  
    92  // Encrypt encrypts a plaintext msg. For testing, we return the input as-is.
    93  func (k *EnterpriseCertSigner) Encrypt(args EncryptArgs, plaintext *[]byte) (err error) {
    94  	*plaintext = args.Plaintext
    95  	return nil
    96  }
    97  
    98  // Decrypt decrypts a ciphertext msg. For testing, we return the input as-is.
    99  func (k *EnterpriseCertSigner) Decrypt(args DecryptArgs, ciphertext *[]byte) (err error) {
   100  	*ciphertext = args.Ciphertext
   101  	return nil
   102  }
   103  
   104  func main() {
   105  	enterpriseCertSigner := new(EnterpriseCertSigner)
   106  
   107  	data, err := os.ReadFile(os.Args[1])
   108  	if err != nil {
   109  		log.Fatalf("Error reading certificate: %v", err)
   110  	}
   111  	cert, _ := tls.X509KeyPair(data, data)
   112  
   113  	enterpriseCertSigner.cert = &cert
   114  
   115  	if err := rpc.Register(enterpriseCertSigner); err != nil {
   116  		log.Fatalf("Error registering net/rpc: %v", err)
   117  	}
   118  
   119  	// If the parent process dies, we should exit.
   120  	// We can detect this by periodically checking if the PID of the parent
   121  	// process is 1 (https://stackoverflow.com/a/2035683).
   122  	go func() {
   123  		for {
   124  			if os.Getppid() == 1 {
   125  				log.Fatalln("Parent process died, exiting...")
   126  			}
   127  			time.Sleep(time.Second)
   128  		}
   129  	}()
   130  
   131  	rpc.ServeConn(&Connection{os.Stdin, os.Stdout})
   132  }
   133  

View as plain text