Hide some low-level stuff from public certificate API in Go.

2025-06-05 20:13:44 +02:00 · 2020-07-13 14:54:53 -07:00 · 2020-07-13 14:54:53 -07:00 · 15f5125c8c
commit 15f5125c8c
parent e5f2314055
3 changed files with 29 additions and 52 deletions
--- a/cmd/zt_service_tests/certificate.go
+++ b/cmd/zt_service_tests/certificate.go
@ -15,23 +15,20 @@ package main

 import (
 	"bytes"
-	"encoding/json"
 	"fmt"
 	"zerotier/pkg/zerotier"
 )

 func TestCertificate() bool {
-	fmt.Println("Checking Certificate conversion to/from C ZT_Certificate structure...")
-
 	id, err := zerotier.NewIdentityFromString("8e4df28b72:0:ac3d46abe0c21f3cfe7a6c8d6a85cfcffcb82fbd55af6a4d6350657c68200843fa2e16f9418bbd9702cae365f2af5fb4c420908b803a681d4daef6114d78a2d7:bd8dd6e4ce7022d2f812797a80c6ee8ad180dc4ebf301dec8b06d1be08832bddd63a2f1cfa7b2c504474c75bdc8898ba476ef92e8e2d0509f8441985171ff16e")
 	if err != nil {
-		fmt.Printf("  Error deserializing test identity: %s\n", err.Error())
+		fmt.Printf("FATAL: error deserializing test identity: %s\n", err.Error())
 		return false
 	}

 	uniqueId, uniqueIdPrivate, err := zerotier.NewCertificateSubjectUniqueId(zerotier.CertificateUniqueIdTypeNistP384)
 	if err != nil {
-		fmt.Printf("  Error generating unique ID: %s", err.Error())
+		fmt.Printf("FATAL: error generating unique ID: %s", err.Error())
 		return false
 	}

@ -92,33 +89,8 @@ func TestCertificate() bool {
 	c.MaxPathLength = 9999
 	c.Signature = []byte("qwerty")

-	for k := 0; k < 1; k++ {
-		cc := c.CCertificate()
-		if cc == nil {
-			fmt.Println("  Error converting Certificate to ZT_Certificate")
-			return false
-		}
-		c2 := zerotier.NewCertificateFromCCertificate(cc)
-		if c2 == nil {
-			fmt.Println("  Error converting ZT_Certificate to Certificate")
-			return false
-		}
-		zerotier.DeleteCCertificate(cc)
-
-		j, _ := json.Marshal(c)
-		j2, _ := json.Marshal(c2)
-		if !bytes.Equal(j, j2) {
-			j, _ = json.MarshalIndent(c, "", "  ")
-			j2, _ = json.MarshalIndent(c2, "", "  ")
-			fmt.Print("  Deep equality test failed: certificates do not match! (see dumps below)\n\n")
-			fmt.Println(string(j))
-			fmt.Println(string(j2))
-			return false
-		}
-	}
-
-	fmt.Printf("Checking certificate marshal/unmarshal... ")
-	for k := 0; k < 1; k++ {
+	fmt.Printf("Checking certificate marshal/unmarshal (10000 tests)... ")
+	for k := 0; k < 10000; k++ {
 		cb, err := c.Marshal()
 		if err != nil {
 			fmt.Printf("marshal FAILED (%s)\n", err.Error())
@ -141,14 +113,14 @@ func TestCertificate() bool {
 	}
 	fmt.Println("OK")

-	fmt.Printf("Checking certificate CSR sign/verify... ")
-	for k := 0; k < 1; k++ {
+	fmt.Printf("Checking certificate CSR sign/verify (100 tests)... ")
+	for k := 0; k < 100; k++ {
 		csr, err := zerotier.NewCertificateCSR(&c.Subject, uniqueId, uniqueIdPrivate)
 		if err != nil {
 			fmt.Printf("CSR generate FAILED (%s)\n", err.Error())
 			return false
 		}
-		fmt.Printf("CSR size: %d ", len(csr))
+		//fmt.Printf("CSR size: %d ", len(csr))
 		csr2, err := zerotier.NewCertificateFromBytes(csr, false)
 		if err != nil {
 			fmt.Printf("CSR decode FAILED (%s)\n", err.Error())
--- a/cmd/zt_service_tests/zt_service_tests.go
+++ b/cmd/zt_service_tests/zt_service_tests.go
@ -2,9 +2,14 @@ package main

 import (
 	"os"
+	"runtime"
+	"runtime/debug"
 )

 func main() {
+	runtime.GOMAXPROCS(1)
+	debug.SetGCPercent(15)
+
 	if !TestCertificate() {
 		os.Exit(1)
 	}
--- a/pkg/zerotier/certificate.go
+++ b/pkg/zerotier/certificate.go
@ -50,7 +50,7 @@ type CertificateName struct {

 // CertificateIdentity bundles an identity with an optional locator.
 type CertificateIdentity struct {
-	Identity *Identity `json:"identity"`
+	Identity *Identity `json:"identity,omitempty"`
 	Locator  *Locator  `json:"locator,omitempty"`
 }

@ -136,15 +136,15 @@ func NewCertificateFromBytes(cert []byte, verify bool) (*Certificate, error) {
 	}
 	defer C.ZT_Certificate_delete((*C.ZT_Certificate)(dec))

-	goCert := NewCertificateFromCCertificate(dec)
+	goCert := newCertificateFromCCertificate(dec)
 	if goCert == nil {
 		return nil, ErrInternal
 	}
 	return goCert, nil
 }

-// NewCertificateFromCCertificate translates a C ZT_Certificate into a Go Certificate.
-func NewCertificateFromCCertificate(ccptr unsafe.Pointer) *Certificate {
+// newCertificateFromCCertificate translates a C ZT_Certificate into a Go Certificate.
+func newCertificateFromCCertificate(ccptr unsafe.Pointer) *Certificate {
 	cc := (*C.ZT_Certificate)(ccptr)
 	c := new(Certificate)

@ -265,14 +265,14 @@ func NewCertificateFromCCertificate(ccptr unsafe.Pointer) *Certificate {
 	return c
 }

-// DeleteCCertificate deletes a ZT_Certificate object returned by Certificate.CCertificate()
-func DeleteCCertificate(cc unsafe.Pointer) {
+// deleteCCertificate deletes a ZT_Certificate object returned by Certificate.CCertificate()
+func deleteCCertificate(cc unsafe.Pointer) {
 	C.ZT_Certificate_delete((*C.ZT_Certificate)(cc))
 }

-// CCertificate creates a C ZT_Certificate structure from the content of a Certificate.
-// It must be deleted with DeleteCCertificate.
-func (c *Certificate) CCertificate() unsafe.Pointer {
+// cCertificate creates a C ZT_Certificate structure from the content of a Certificate.
+// It must be deleted with deleteCCertificate.
+func (c *Certificate) cCertificate() unsafe.Pointer {
 	var cc C.ZT_Certificate
 	var subjectIdentities []C.ZT_Certificate_Identity
 	var subjectNetworks []C.ZT_Certificate_Network
@ -400,11 +400,11 @@ func (c *Certificate) CCertificate() unsafe.Pointer {

 // Marshal encodes this certificate as a byte array.
 func (c *Certificate) Marshal() ([]byte, error) {
-	cc := c.CCertificate()
+	cc := c.cCertificate()
 	if cc == nil {
 		return nil, ErrInternal
 	}
-	defer DeleteCCertificate(cc)
+	defer deleteCCertificate(cc)
 	var encoded [16384]byte
 	encodedSize := C.int(16384)
 	rv := int(C.ZT_Certificate_encode((*C.ZT_Certificate)(cc), unsafe.Pointer(&encoded[0]), &encodedSize))
@ -422,11 +422,11 @@ func (c *Certificate) Sign(id *Identity) (*Certificate, error) {
 	if id == nil || !id.HasPrivate() {
 		return nil, ErrInvalidParameter
 	}
-	ctmp := c.CCertificate()
+	ctmp := c.cCertificate()
 	if ctmp == nil {
 		return nil, ErrInternal
 	}
-	defer DeleteCCertificate(ctmp)
+	defer deleteCCertificate(ctmp)
 	var signedCert [16384]byte
 	signedCertSize := C.int(16384)
 	rv := int(C.ZT_Certificate_sign((*C.ZT_Certificate)(ctmp), id.cIdentity(), unsafe.Pointer(&signedCert[0]), &signedCertSize))
@ -438,11 +438,11 @@ func (c *Certificate) Sign(id *Identity) (*Certificate, error) {

 // Verify returns nil on success or a certificate error if there is a problem with this certificate.
 func (c *Certificate) Verify() error {
-	cc := c.CCertificate()
+	cc := c.cCertificate()
 	if cc == nil {
 		return ErrInternal
 	}
-	defer DeleteCCertificate(cc)
+	defer deleteCCertificate(cc)
 	return certificateErrorToError(int(C.ZT_Certificate_verify((*C.ZT_Certificate)(cc))))
 }

@ -496,11 +496,11 @@ func NewCertificateCSR(subject *CertificateSubject, uniqueId []byte, uniqueIdPri

 	var tmp Certificate
 	tmp.Subject = *subject
-	ctmp := tmp.CCertificate()
+	ctmp := tmp.cCertificate()
 	if ctmp == nil {
 		return nil, ErrInternal
 	}
-	defer DeleteCCertificate(ctmp)
+	defer deleteCCertificate(ctmp)

 	var csr [16384]byte
 	csrSize := C.int(16384)