test_signer.go

Documentation: google.golang.org/api/internal/ecp

     1  // Copyright 2022 Google LLC.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  //
     5  // test_signer.go is a net/rpc server that listens on stdin/stdout, exposing
     6  // mock methods for testing enterprise certificate proxy flow.
     7  package main
     8  
     9  import (
    10  	"crypto"
    11  	"crypto/tls"
    12  	"crypto/x509"
    13  	"io"
    14  	"log"
    15  	"net/rpc"
    16  	"os"
    17  	"time"
    18  )
    19  
    20  // SignArgs encapsulate the parameters for the Sign method.
    21  type SignArgs struct {
    22  	Digest []byte
    23  	Opts   crypto.SignerOpts
    24  }
    25  
    26  // EnterpriseCertSigner exports RPC methods for signing.
    27  type EnterpriseCertSigner struct {
    28  	cert *tls.Certificate
    29  }
    30  
    31  // Connection wraps a pair of unidirectional streams as an io.ReadWriteCloser.
    32  type Connection struct {
    33  	io.ReadCloser
    34  	io.WriteCloser
    35  }
    36  
    37  // Close closes c's underlying ReadCloser and WriteCloser.
    38  func (c *Connection) Close() error {
    39  	rerr := c.ReadCloser.Close()
    40  	werr := c.WriteCloser.Close()
    41  	if rerr != nil {
    42  		return rerr
    43  	}
    44  	return werr
    45  }
    46  
    47  // CertificateChain returns the credential as a raw X509 cert chain. This
    48  // contains the public key.
    49  func (k *EnterpriseCertSigner) CertificateChain(ignored struct{}, certificateChain *[][]byte) error {
    50  	*certificateChain = k.cert.Certificate
    51  	return nil
    52  }
    53  
    54  // Public returns the first public key for this Key, in ASN.1 DER form.
    55  func (k *EnterpriseCertSigner) Public(ignored struct{}, publicKey *[]byte) (err error) {
    56  	if len(k.cert.Certificate) == 0 {
    57  		return nil
    58  	}
    59  	cert, err := x509.ParseCertificate(k.cert.Certificate[0])
    60  	if err != nil {
    61  		return err
    62  	}
    63  	*publicKey, err = x509.MarshalPKIXPublicKey(cert.PublicKey)
    64  	return err
    65  }
    66  
    67  // Sign signs a message by encrypting a message digest.
    68  func (k *EnterpriseCertSigner) Sign(args SignArgs, resp *[]byte) (err error) {
    69  	return nil
    70  }
    71  
    72  func main() {
    73  	enterpriseCertSigner := new(EnterpriseCertSigner)
    74  
    75  	data, err := os.ReadFile(os.Args[1])
    76  	if err != nil {
    77  		log.Fatalf("Error reading certificate: %v", err)
    78  	}
    79  	cert, _ := tls.X509KeyPair(data, data)
    80  
    81  	enterpriseCertSigner.cert = &cert
    82  
    83  	if err := rpc.Register(enterpriseCertSigner); err != nil {
    84  		log.Fatalf("Error registering net/rpc: %v", err)
    85  	}
    86  
    87  	// If the parent process dies, we should exit.
    88  	// We can detect this by periodically checking if the PID of the parent
    89  	// process is 1 (https://stackoverflow.com/a/2035683).
    90  	go func() {
    91  		for {
    92  			if os.Getppid() == 1 {
    93  				log.Fatalln("Parent process died, exiting...")
    94  			}
    95  			time.Sleep(time.Second)
    96  		}
    97  	}()
    98  
    99  	rpc.ServeConn(&Connection{os.Stdin, os.Stdout})
   100  }
   101
View as plain text