telegraf/testutil/tls.go

102 lines
2.0 KiB
Go

package testutil
import (
"fmt"
"io/ioutil"
"os"
"path"
"github.com/influxdata/telegraf/internal/tls"
)
type pki struct {
path string
}
func NewPKI(path string) *pki {
return &pki{path: path}
}
func (p *pki) TLSClientConfig() *tls.ClientConfig {
return &tls.ClientConfig{
TLSCA: p.CACertPath(),
TLSCert: p.ClientCertPath(),
TLSKey: p.ClientKeyPath(),
}
}
func (p *pki) TLSServerConfig() *tls.ServerConfig {
return &tls.ServerConfig{
TLSAllowedCACerts: []string{p.CACertPath()},
TLSCert: p.ServerCertPath(),
TLSKey: p.ServerKeyPath(),
TLSCipherSuites: []string{p.CipherSuite()},
TLSMinVersion: p.TLSMinVersion(),
TLSMaxVersion: p.TLSMaxVersion(),
}
}
func (p *pki) ReadCACert() string {
return readCertificate(p.CACertPath())
}
func (p *pki) CACertPath() string {
return path.Join(p.path, "cacert.pem")
}
func (p *pki) CipherSuite() string {
return "TLS_RSA_WITH_3DES_EDE_CBC_SHA"
}
func (p *pki) TLSMinVersion() string {
return "TLS11"
}
func (p *pki) TLSMaxVersion() string {
return "TLS12"
}
func (p *pki) ReadClientCert() string {
return readCertificate(p.ClientCertPath())
}
func (p *pki) ClientCertPath() string {
return path.Join(p.path, "clientcert.pem")
}
func (p *pki) ReadClientKey() string {
return readCertificate(p.ClientKeyPath())
}
func (p *pki) ClientKeyPath() string {
return path.Join(p.path, "clientkey.pem")
}
func (p *pki) ReadServerCert() string {
return readCertificate(p.ServerCertPath())
}
func (p *pki) ServerCertPath() string {
return path.Join(p.path, "servercert.pem")
}
func (p *pki) ReadServerKey() string {
return readCertificate(p.ServerKeyPath())
}
func (p *pki) ServerKeyPath() string {
return path.Join(p.path, "serverkey.pem")
}
func readCertificate(filename string) string {
file, err := os.Open(filename)
if err != nil {
panic(fmt.Sprintf("opening %q: %v", filename, err))
}
octets, err := ioutil.ReadAll(file)
if err != nil {
panic(fmt.Sprintf("reading %q: %v", filename, err))
}
return string(octets)
}