// Copyright Istio Authors
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
privatecapb "cloud.google.com/go/security/privateca/apiv1/privatecapb"
"google.golang.org/grpc"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
"google.golang.org/grpc/test/bufconn"
// lis is the package-level bufconn listener. CreateServer assigns it on each
// call, so a later CreateServer call overwrites the value set by an earlier one.
// NOTE(review): no synchronization around this variable is visible here —
// confirm tests do not create servers concurrently.
var lis *bufconn.Listener
// ContextDialer is the signature of a dial function that takes a context and
// an address and returns a net.Conn or an error. ContextDialerCreate builds
// one whose connections come from a bufconn listener.
type ContextDialer func(ctx context.Context, address string) (net.Conn, error)
func ContextDialerCreate(listener *bufconn.Listener) ContextDialer {
bufDialer := func(ctx context.Context, address string) (net.Conn, error) {
return listener.Dial()
type certificate struct {
// CASService is a mock Google CAS Service.
type CASService struct {
privatecapb.UnimplementedCertificateAuthorityServiceServer
CaCertBundle [][]string
func parseCertificateAuthorityPath(p string) (project, location, name string, err error) {
pieces := strings.Split(p, "/")
return "", "", "", errors.New("malformed certificate authority path")
if pieces[0] != "projects" {
return "", "", "", errors.New("malformed certificate authority path")
if pieces[2] != "locations" {
return "", "", "", errors.New("malformed certificate authority path")
if pieces[4] != "caPools" {
return "", "", "", errors.New("malformed certificate authority path")
return project, location, name, nil
func (ca CASService) certEncode(cert *certificate) *privatecapb.Certificate {
pb := &privatecapb.Certificate{
Name: cert.resourcePath,
if len(cert.certPEM) != 0 {
pb.PemCertificate = cert.certPEM
if len(cert.certChainPEM) != 0 {
pb.PemCertificateChain = cert.certChainPEM
// CreateCertificate is a mocked function for the Google CAS CA API.
func (ca CASService) CreateCertificate(ctx context.Context, req *privatecapb.CreateCertificateRequest) (*privatecapb.Certificate, error) {
_, _, _, err := parseCertificateAuthorityPath(req.Parent)
return nil, status.Error(codes.InvalidArgument, "malformed ca path")
project, location, authority, _ := parseCertificateAuthorityPath(req.GetParent())
switch req.GetCertificate().CertificateConfig.(type) {
case *privatecapb.Certificate_PemCsr:
return nil, status.Errorf(codes.InvalidArgument, "cannot request certificates using PEM CSR format")
certResourcePath := path.Join("projects", project, "locations", location, "caPools", authority, "certificates", req.GetCertificate().GetName())
certObj := &certificate{
resourcePath: certResourcePath,
certChainPEM: ca.CertChainPEM,
return ca.certEncode(certObj), nil
func (ca CASService) FetchCaCerts(ctx context.Context, req *privatecapb.FetchCaCertsRequest) (*privatecapb.FetchCaCertsResponse, error) {
_, _, _, err := parseCertificateAuthorityPath(req.GetCaPool())
return nil, status.Error(codes.InvalidArgument, "malformed ca path")
certChains := []*privatecapb.FetchCaCertsResponse_CertChain{}
for _, trustBundle := range ca.CaCertBundle {
certChain := &privatecapb.FetchCaCertsResponse_CertChain{}
certChain.Certificates = trustBundle
certChains = append(certChains, certChain)
resp := &privatecapb.FetchCaCertsResponse{
// CASServer is the mocked Google CAS server.
type CASServer struct {
// CreateServer creates a mocked local Google CAS server and runs it in a separate goroutine.
func CreateServer(service *CASService) (*CASServer, *bufconn.Listener, error) {
Server: grpc.NewServer(),
lis = bufconn.Listen(bufSize)
serveErr := make(chan error, 1)
privatecapb.RegisterCertificateAuthorityServiceServer(s.Server, service)
err := s.Server.Serve(lis)
case <-time.After(100 * time.Millisecond):
case err = <-serveErr:
// Stop stops the mocked Google CAS server.
func (s *CASServer) Stop() {