tcpchecker: fix expired testdata certificates

Tcpchecker tests were failing due to expired self signed certificates. This commit adds new certificates, a Makefile for regenerating them, and adds test output in case of similar certificate errors. Fixes sourcegraph#108
go-bridget · Apr 3, 2020 · 61e429e · 61e429e
1 parent bf67ea3
commit 61e429e
Show file tree

Hide file tree

Showing 15 changed files with 224 additions and 126 deletions.
diff --git a/sql_disabled.go b/sql_disabled.go
@@ -6,8 +6,8 @@ import (
 	"errors"
 )
 
-type SQL struct {}
+type SQL struct{}
 
 func (sql SQL) Store(results []Result) error {
 	return errors.New("sql data store is disabled")
-}
+}
diff --git a/tcpchecker_test.go b/tcpchecker_test.go
@@ -144,7 +144,7 @@ func TestTCPCheckerWithAgressiveTimeout(t *testing.T) {
 
 func TestTCPCheckerWithTLSNoVerify(t *testing.T) {
 	// Listen on localhost, random port
-	certPair, err := tls.LoadX509KeyPair("testdata/server.pem", "testdata/key.pem")
+	certPair, err := tls.LoadX509KeyPair("testdata/leaf.pem", "testdata/leaf.key")
 	if err != nil {
 		t.Error("Failed to load certificate.", err)
 	}
@@ -249,7 +249,7 @@ func TestTCPCheckerWithTLSNoVerify(t *testing.T) {
 
 func TestTCPCheckerWithTLSVerifySuccess(t *testing.T) {
 	// Listen on localhost, random port
-	certPair, err := tls.LoadX509KeyPair("testdata/server.pem", "testdata/key.pem")
+	certPair, err := tls.LoadX509KeyPair("testdata/leaf.pem", "testdata/leaf.key")
 	if err != nil {
 		t.Error("Failed to load certificate.", err)
 	}
@@ -280,13 +280,18 @@ func TestTCPCheckerWithTLSVerifySuccess(t *testing.T) {
 	// Should know the host:port by now
 	endpt := srv.Addr().String()
 	testName := "TestWithTLSNoVerify"
-	hc := TCPChecker{Name: testName, URL: endpt, TLSEnabled: true, TLSCAFile: "testdata/ca.pem", Attempts: 2}
+	hc := TCPChecker{Name: testName, URL: endpt, TLSEnabled: true, TLSCAFile: "testdata/root.pem", Attempts: 2}
 
 	// Try an up server
 	result, err := hc.Check()
 	if err != nil {
 		t.Errorf("Didn't expect an error: %v", err)
 	}
+	for _, run := range result.Times {
+		if got, want := run.Error, ""; got != want {
+			t.Fatalf("Expected no errors, got %s", got)
+		}
+	}
 
 	if got, want := result.Title, testName; got != want {
 		t.Errorf("Expected result.Title='%s', got '%s'", want, got)
@@ -316,6 +321,11 @@ func TestTCPCheckerWithTLSVerifySuccess(t *testing.T) {
 	if err != nil {
 		t.Errorf("Didn't expect an error: %v", err)
 	}
+	for _, run := range result.Times {
+		if got, want := run.Error, ""; got != want {
+			t.Fatalf("Expected no errors, got %s", got)
+		}
+	}
 	if got, want := result.Healthy, true; got != want {
 		t.Errorf("Expected result.Healthy=%v, got %v", want, got)
 	}
@@ -325,6 +335,11 @@ func TestTCPCheckerWithTLSVerifySuccess(t *testing.T) {
 	if err != nil {
 		t.Errorf("Didn't expect an error: %v", err)
 	}
+	for _, run := range result.Times {
+		if got, want := run.Error, ""; got != want {
+			t.Fatalf("Expected no errors, got %s", got)
+		}
+	}
 	if got, want := result.Degraded, true; got != want {
 		t.Errorf("Expected result.Degraded=%v, got %v", want, got)
 	}
@@ -334,6 +349,11 @@ func TestTCPCheckerWithTLSVerifySuccess(t *testing.T) {
 	if err != nil {
 		t.Errorf("Didn't expect an error: %v", err)
 	}
+	for _, run := range result.Times {
+		if got, want := run.Error, ""; got != want {
+			t.Fatalf("Expected no errors, got %s", got)
+		}
+	}
 	if got, want := result.Down, false; got != want {
 		t.Errorf("Expected result.Down=%v, got %v", want, got)
 	}
@@ -354,7 +374,7 @@ func TestTCPCheckerWithTLSVerifySuccess(t *testing.T) {
 
 func TestTCPCheckerWithTLSVerifyError(t *testing.T) {
 	// Listen on localhost, random port
-	certPair, err := tls.LoadX509KeyPair("testdata/server.pem", "testdata/key.pem")
+	certPair, err := tls.LoadX509KeyPair("testdata/leaf.pem", "testdata/leaf.key")
 	if err != nil {
 		t.Error("Failed to load certificate.", err)
 	}

diff --git a/testdata/Makefile b/testdata/Makefile
@@ -0,0 +1,16 @@
+.PHONY: all generate_cert
+
+all: generate_cert
+
+GOPATH ?= /root/go
+GENERATE_TLS_CERT = $(GOPATH)/bin/generate-tls-cert
+
+$(GENERATE_TLS_CERT):
+	go get -u github.com/Shyp/generate-tls-cert
+
+leaf.pem: | $(GENERATE_TLS_CERT)
+	rm *.crt *.key *.pem -f
+	$(GENERATE_TLS_CERT) --host=localhost,127.0.0.1 -duration 876000h
+
+# Generate TLS certificates for local development.
+generate_cert: leaf.pem | $(GENERATE_TLS_CERT)
diff --git a/testdata/ca.pem b/testdata/ca.pem
diff --git a/testdata/client.debug.crt b/testdata/client.debug.crt
@@ -0,0 +1,43 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4 (0x4)
+        Signature Algorithm: ecdsa-with-SHA256
+        Issuer: O = Acme Co, CN = Root CA
+        Validity
+            Not Before: Apr  3 11:56:34 2020 GMT
+            Not After : Mar 10 11:56:34 2120 GMT
+        Subject: O = Acme Co, CN = client_auth_test_cert
+        Subject Public Key Info:
+            Public Key Algorithm: id-ecPublicKey
+                Public-Key: (256 bit)
+                pub:
+                    04:29:11:d6:05:0f:f5:a4:ff:82:b8:47:b8:7b:e1:
+                    9f:c5:3e:4e:99:84:f6:58:4a:99:c0:db:4b:18:da:
+                    52:d5:57:b5:9d:28:26:be:f3:fb:cd:80:ad:80:c9:
+                    6b:ec:8f:48:19:cf:97:da:e6:67:e8:50:c1:0d:07:
+                    a2:90:01:9e:22
+                ASN1 OID: prime256v1
+                NIST CURVE: P-256
+        X509v3 extensions:
+            X509v3 Key Usage: critical
+                Digital Signature
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Basic Constraints: critical
+                CA:FALSE
+    Signature Algorithm: ecdsa-with-SHA256
+         30:45:02:21:00:f9:85:ad:5d:f0:e3:1b:1a:06:95:b8:6b:2c:
+         9d:27:d2:0f:b9:10:b9:f4:5a:6d:95:02:eb:99:fa:da:3c:0b:
+         bc:02:20:7e:d1:09:56:ba:6d:f6:b0:bf:fc:ca:89:1d:90:4b:
+         e5:6e:90:bd:fd:77:76:b4:25:5b:d4:c0:a1:1d:b6:b1:fb
+-----BEGIN CERTIFICATE-----
+MIIBfDCCASKgAwIBAgIBBDAKBggqhkjOPQQDAjAkMRAwDgYDVQQKEwdBY21lIENv
+MRAwDgYDVQQDEwdSb290IENBMCAXDTIwMDQwMzExNTYzNFoYDzIxMjAwMzEwMTE1
+NjM0WjAyMRAwDgYDVQQKEwdBY21lIENvMR4wHAYDVQQDDBVjbGllbnRfYXV0aF90
+ZXN0X2NlcnQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQpEdYFD/Wk/4K4R7h7
+4Z/FPk6ZhPZYSpnA20sY2lLVV7WdKCa+8/vNgK2AyWvsj0gZz5fa5mfoUMENB6KQ
+AZ4iozUwMzAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDAYD
+VR0TAQH/BAIwADAKBggqhkjOPQQDAgNIADBFAiEA+YWtXfDjGxoGlbhrLJ0n0g+5
+ELn0Wm2VAuuZ+to8C7wCIH7RCVa6bfawv/zKiR2QS+VukL39d3a0JVvUwKEdtrH7
+-----END CERTIFICATE-----
diff --git a/testdata/client.key b/testdata/client.key
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIDxE+LU0KvWeyziyXEHG1WDP/Dk/8tVW1YEhtP3/x8BRoAoGCCqGSM49
+AwEHoUQDQgAEKRHWBQ/1pP+CuEe4e+GfxT5OmYT2WEqZwNtLGNpS1Ve1nSgmvvP7
+zYCtgMlr7I9IGc+X2uZn6FDBDQeikAGeIg==
+-----END EC PRIVATE KEY-----
diff --git a/testdata/client.pem b/testdata/client.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBfDCCASKgAwIBAgIBBDAKBggqhkjOPQQDAjAkMRAwDgYDVQQKEwdBY21lIENv
+MRAwDgYDVQQDEwdSb290IENBMCAXDTIwMDQwMzExNTYzNFoYDzIxMjAwMzEwMTE1
+NjM0WjAyMRAwDgYDVQQKEwdBY21lIENvMR4wHAYDVQQDDBVjbGllbnRfYXV0aF90
+ZXN0X2NlcnQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQpEdYFD/Wk/4K4R7h7
+4Z/FPk6ZhPZYSpnA20sY2lLVV7WdKCa+8/vNgK2AyWvsj0gZz5fa5mfoUMENB6KQ
+AZ4iozUwMzAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDAYD
+VR0TAQH/BAIwADAKBggqhkjOPQQDAgNIADBFAiEA+YWtXfDjGxoGlbhrLJ0n0g+5
+ELn0Wm2VAuuZ+to8C7wCIH7RCVa6bfawv/zKiR2QS+VukL39d3a0JVvUwKEdtrH7
+-----END CERTIFICATE-----
diff --git a/testdata/key.pem b/testdata/key.pem
diff --git a/testdata/leaf.debug.crt b/testdata/leaf.debug.crt
@@ -0,0 +1,47 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            41:1d:fe:89:9c:0c:32:d8:56:1d:57:62:9c:92:53:b0
+        Signature Algorithm: ecdsa-with-SHA256
+        Issuer: O = Acme Co, CN = Root CA
+        Validity
+            Not Before: Apr  3 11:56:34 2020 GMT
+            Not After : Mar 10 11:56:34 2120 GMT
+        Subject: O = Acme Co, CN = test_cert_1
+        Subject Public Key Info:
+            Public Key Algorithm: id-ecPublicKey
+                Public-Key: (256 bit)
+                pub:
+                    04:1b:cb:95:ee:e3:97:76:1b:34:d4:e7:7a:05:62:
+                    7a:ca:cc:c8:e8:87:11:b0:c8:ab:57:b7:c0:6a:31:
+                    26:dd:b5:5c:f4:46:8b:4d:b2:11:54:c3:74:f3:92:
+                    0d:9c:a0:48:9e:4d:3b:3c:08:ce:06:e4:ad:1a:b3:
+                    82:e0:7e:55:6b
+                ASN1 OID: prime256v1
+                NIST CURVE: P-256
+        X509v3 extensions:
+            X509v3 Key Usage: critical
+                Digital Signature, Key Encipherment
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Basic Constraints: critical
+                CA:FALSE
+            X509v3 Subject Alternative Name: 
+                DNS:localhost, IP Address:127.0.0.1
+    Signature Algorithm: ecdsa-with-SHA256
+         30:45:02:20:4d:a9:21:f8:a6:ae:ee:53:1b:6d:9c:1a:18:a7:
+         ee:d5:d9:2c:71:e1:7d:66:84:ce:8f:cc:0a:47:4b:d4:53:dc:
+         02:21:00:8a:26:d8:48:7a:29:a6:c7:ff:db:2f:69:28:5a:88:
+         b8:7b:dd:cb:bc:5b:f0:7c:ca:14:4a:f6:d0:ad:91:9b:55
+-----BEGIN CERTIFICATE-----
+MIIBnTCCAUOgAwIBAgIQQR3+iZwMMthWHVdinJJTsDAKBggqhkjOPQQDAjAkMRAw
+DgYDVQQKEwdBY21lIENvMRAwDgYDVQQDEwdSb290IENBMCAXDTIwMDQwMzExNTYz
+NFoYDzIxMjAwMzEwMTE1NjM0WjAoMRAwDgYDVQQKEwdBY21lIENvMRQwEgYDVQQD
+DAt0ZXN0X2NlcnRfMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBvLle7jl3Yb
+NNTnegViesrMyOiHEbDIq1e3wGoxJt21XPRGi02yEVTDdPOSDZygSJ5NOzwIzgbk
+rRqzguB+VWujUTBPMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcD
+ATAMBgNVHRMBAf8EAjAAMBoGA1UdEQQTMBGCCWxvY2FsaG9zdIcEfwAAATAKBggq
+hkjOPQQDAgNIADBFAiBNqSH4pq7uUxttnBoYp+7V2Sxx4X1mhM6PzApHS9RT3AIh
+AIom2Eh6KabH/9svaShaiLh73cu8W/B8yhRK9tCtkZtV
+-----END CERTIFICATE-----
diff --git a/testdata/leaf.key b/testdata/leaf.key
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIJR5CixdEgUd/xXjwuI6P7dEepdUBsEtBBu340YS9W81oAoGCCqGSM49
+AwEHoUQDQgAEG8uV7uOXdhs01Od6BWJ6yszI6IcRsMirV7fAajEm3bVc9EaLTbIR
+VMN085INnKBInk07PAjOBuStGrOC4H5Vaw==
+-----END EC PRIVATE KEY-----
diff --git a/testdata/leaf.pem b/testdata/leaf.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBnTCCAUOgAwIBAgIQQR3+iZwMMthWHVdinJJTsDAKBggqhkjOPQQDAjAkMRAw
+DgYDVQQKEwdBY21lIENvMRAwDgYDVQQDEwdSb290IENBMCAXDTIwMDQwMzExNTYz
+NFoYDzIxMjAwMzEwMTE1NjM0WjAoMRAwDgYDVQQKEwdBY21lIENvMRQwEgYDVQQD
+DAt0ZXN0X2NlcnRfMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBvLle7jl3Yb
+NNTnegViesrMyOiHEbDIq1e3wGoxJt21XPRGi02yEVTDdPOSDZygSJ5NOzwIzgbk
+rRqzguB+VWujUTBPMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcD
+ATAMBgNVHRMBAf8EAjAAMBoGA1UdEQQTMBGCCWxvY2FsaG9zdIcEfwAAATAKBggq
+hkjOPQQDAgNIADBFAiBNqSH4pq7uUxttnBoYp+7V2Sxx4X1mhM6PzApHS9RT3AIh
+AIom2Eh6KabH/9svaShaiLh73cu8W/B8yhRK9tCtkZtV
+-----END CERTIFICATE-----
diff --git a/testdata/root.debug.crt b/testdata/root.debug.crt
@@ -0,0 +1,45 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            18:5f:e2:b0:ce:76:c6:8b:5f:f7:0c:17:dc:76:da:19
+        Signature Algorithm: ecdsa-with-SHA256
+        Issuer: O = Acme Co, CN = Root CA
+        Validity
+            Not Before: Apr  3 11:56:34 2020 GMT
+            Not After : Mar 10 11:56:34 2120 GMT
+        Subject: O = Acme Co, CN = Root CA
+        Subject Public Key Info:
+            Public Key Algorithm: id-ecPublicKey
+                Public-Key: (256 bit)
+                pub:
+                    04:0c:6a:d9:96:25:9f:f7:ae:42:d6:42:87:d8:86:
+                    74:73:42:a9:11:43:f2:1f:1f:8b:33:27:2f:3c:b5:
+                    09:6f:d2:5b:45:55:2c:c3:a9:b3:c5:ce:ae:83:0f:
+                    0d:c5:26:10:64:78:a3:60:93:b8:a6:6d:0f:32:3e:
+                    a3:b8:0a:d7:5f
+                ASN1 OID: prime256v1
+                NIST CURVE: P-256
+        X509v3 extensions:
+            X509v3 Key Usage: critical
+                Certificate Sign
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+    Signature Algorithm: ecdsa-with-SHA256
+         30:45:02:20:15:80:3b:4e:30:4c:d4:46:fa:d9:bd:a2:4a:1d:
+         30:df:24:fb:3e:00:17:aa:12:5c:82:93:1c:83:04:e8:6e:05:
+         02:21:00:92:89:32:81:03:3e:0a:7c:61:13:f1:32:79:d7:53:
+         b2:d1:de:3d:b8:c7:e7:6a:05:61:db:2b:a1:e7:0b:9d:0c
+-----BEGIN CERTIFICATE-----
+MIIBgDCCASagAwIBAgIQGF/isM52xotf9wwX3HbaGTAKBggqhkjOPQQDAjAkMRAw
+DgYDVQQKEwdBY21lIENvMRAwDgYDVQQDEwdSb290IENBMCAXDTIwMDQwMzExNTYz
+NFoYDzIxMjAwMzEwMTE1NjM0WjAkMRAwDgYDVQQKEwdBY21lIENvMRAwDgYDVQQD
+EwdSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEDGrZliWf965C1kKH
+2IZ0c0KpEUPyHx+LMycvPLUJb9JbRVUsw6mzxc6ugw8NxSYQZHijYJO4pm0PMj6j
+uArXX6M4MDYwDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8G
+A1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgFYA7TjBM1Eb62b2iSh0w
+3yT7PgAXqhJcgpMcgwTobgUCIQCSiTKBAz4KfGET8TJ511Oy0d49uMfnagVh2yuh
+5wudDA==
+-----END CERTIFICATE-----
diff --git a/testdata/root.key b/testdata/root.key
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIJgtDAjzxGibF9c2tdx0CwwUuVzxzwPacyH2RwVEkpULoAoGCCqGSM49
+AwEHoUQDQgAEDGrZliWf965C1kKH2IZ0c0KpEUPyHx+LMycvPLUJb9JbRVUsw6mz
+xc6ugw8NxSYQZHijYJO4pm0PMj6juArXXw==
+-----END EC PRIVATE KEY-----
diff --git a/testdata/root.pem b/testdata/root.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBgDCCASagAwIBAgIQGF/isM52xotf9wwX3HbaGTAKBggqhkjOPQQDAjAkMRAw
+DgYDVQQKEwdBY21lIENvMRAwDgYDVQQDEwdSb290IENBMCAXDTIwMDQwMzExNTYz
+NFoYDzIxMjAwMzEwMTE1NjM0WjAkMRAwDgYDVQQKEwdBY21lIENvMRAwDgYDVQQD
+EwdSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEDGrZliWf965C1kKH
+2IZ0c0KpEUPyHx+LMycvPLUJb9JbRVUsw6mzxc6ugw8NxSYQZHijYJO4pm0PMj6j
+uArXX6M4MDYwDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8G
+A1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgFYA7TjBM1Eb62b2iSh0w
+3yT7PgAXqhJcgpMcgwTobgUCIQCSiTKBAz4KfGET8TJ511Oy0d49uMfnagVh2yuh
+5wudDA==
+-----END CERTIFICATE-----