From 15f5125c8ce5c68448f3fe28a4515095be867080 Mon Sep 17 00:00:00 2001
From: Adam Ierymenko
Date: Mon, 13 Jul 2020 14:54:53 -0700
Subject: [PATCH] Hide some low-level stuff from public certificate API in Go.
---
 cmd/zt_service_tests/certificate.go | 42 ++++--------------------
 cmd/zt_service_tests/zt_service_tests.go | 5 +++
 pkg/zerotier/certificate.go | 34 +++++++++----------
 3 files changed, 29 insertions(+), 52 deletions(-)
diff --git a/cmd/zt_service_tests/certificate.go b/cmd/zt_service_tests/certificate.go
index 67b49fd51..75b34c487 100644
--- a/cmd/zt_service_tests/certificate.go
+++ b/cmd/zt_service_tests/certificate.go
@@ -15,23 +15,20 @@ package main
 import (
 "bytes"
- "encoding/json"
 "fmt"
 "zerotier/pkg/zerotier"
 )
 func TestCertificate() bool {
- fmt.Println("Checking Certificate conversion to/from C ZT_Certificate structure...")
 id, err := zerotier.NewIdentityFromString("8e4df28b72:0:ac3d46abe0c21f3cfe7a6c8d6a85cfcffcb82fbd55af6a4d6350657c68200843fa2e16f9418bbd9702cae365f2af5fb4c420908b803a681d4daef6114d78a2d7:bd8dd6e4ce7022d2f812797a80c6ee8ad180dc4ebf301dec8b06d1be08832bddd63a2f1cfa7b2c504474c75bdc8898ba476ef92e8e2d0509f8441985171ff16e")
 if err != nil {
- fmt.Printf(" Error deserializing test identity: %s\n", err.Error())
+ fmt.Printf("FATAL: error deserializing test identity: %s\n", err.Error())
 return false
 }
 uniqueId, uniqueIdPrivate, err := zerotier.NewCertificateSubjectUniqueId(zerotier.CertificateUniqueIdTypeNistP384)
 if err != nil {
- fmt.Printf(" Error generating unique ID: %s", err.Error())
+ fmt.Printf("FATAL: error generating unique ID: %s", err.Error())
 return false
 }
@@ -92,33 +89,8 @@ func TestCertificate() bool {
 c.MaxPathLength = 9999
 c.Signature = []byte("qwerty")
- for k := 0; k < 1; k++ {
- cc := c.CCertificate()
- if cc == nil {
- fmt.Println(" Error converting Certificate to ZT_Certificate")
- return false
- }
- c2 := zerotier.NewCertificateFromCCertificate(cc)
- if c2 == nil {
- fmt.Println(" Error converting ZT_Certificate to Certificate")
- return false
- }
- zerotier.DeleteCCertificate(cc)
-
- j, _ := json.Marshal(c)
- j2, _ := json.Marshal(c2)
- if !bytes.Equal(j, j2) {
- j, _ = json.MarshalIndent(c, "", " ")
- j2, _ = json.MarshalIndent(c2, "", " ")
- fmt.Print(" Deep equality test failed: certificates do not match! (see dumps below)\n\n")
- fmt.Println(string(j))
- fmt.Println(string(j2))
- return false
- }
- }
-
- fmt.Printf("Checking certificate marshal/unmarshal... ")
- for k := 0; k < 1; k++ {
+ fmt.Printf("Checking certificate marshal/unmarshal (10000 tests)... ")
+ for k := 0; k < 10000; k++ {
 cb, err := c.Marshal()
 if err != nil {
 fmt.Printf("marshal FAILED (%s)\n", err.Error())
@@ -141,14 +113,14 @@ func TestCertificate() bool {
 }
 fmt.Println("OK")
- fmt.Printf("Checking certificate CSR sign/verify... ")
- for k := 0; k < 1; k++ {
+ fmt.Printf("Checking certificate CSR sign/verify (100 tests)... ")
+ for k := 0; k < 100; k++ {
 csr, err := zerotier.NewCertificateCSR(&c.Subject, uniqueId, uniqueIdPrivate)
 if err != nil {
 fmt.Printf("CSR generate FAILED (%s)\n", err.Error())
 return false
 }
- fmt.Printf("CSR size: %d ", len(csr))
+ //fmt.Printf("CSR size: %d ", len(csr))
 csr2, err := zerotier.NewCertificateFromBytes(csr, false)
 if err != nil {
 fmt.Printf("CSR decode FAILED (%s)\n", err.Error())
diff --git a/cmd/zt_service_tests/zt_service_tests.go b/cmd/zt_service_tests/zt_service_tests.go
index 825ff3508..6d6179aca 100644
--- a/cmd/zt_service_tests/zt_service_tests.go
+++ b/cmd/zt_service_tests/zt_service_tests.go
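Review bot: Deleting the `CCertificate()`/`NewCertificateFromCCertificate()` round-trip loop removes the only direct check that the Go→C→Go conversion preserves every field, and nothing added in this hunk takes its place; the surviving marshal/unmarshal loop only reaches the conversion through the C encoder, and whether it compares the decoded certificate field-by-field is not visible here. Since both helpers are now package-private, that comparison belongs in an in-package `_test.go` under `pkg/zerotier`, where `cCertificate` and `newCertificateFromCCertificate` remain reachable. The jump from 1 to 10000 iterations also has no stated purpose; if it is meant to surface cgo allocation or GC problems, a comment on the loop should say so, e.g. `// Many iterations: exercise the cgo allocate/encode/free path under GC pressure.`. TestCertificate's body continues outside the hunk.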
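Review bot: The `//fmt.Printf("CSR size: %d ", len(csr))` line left inside the loop is commented-out code; if the size is still worth reporting, print it once outside the loop, otherwise delete the line rather than parking it in a comment. Bumping the loop to 100 iterations without explaining why has the same readability cost as the 10000-iteration loop above it, and a short comment on the `for` would help. The loop body and TestCertificate continue past the end of the hunk.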
@@ -2,9 +2,14 @@ package main
 import (
 "os"
+ "runtime"
+ "runtime/debug"
 )
 func main() {
+ runtime.GOMAXPROCS(1)
+ debug.SetGCPercent(15)
+
 if !TestCertificate() {
 os.Exit(1)
 }
diff --git a/pkg/zerotier/certificate.go b/pkg/zerotier/certificate.go
index cc9207d82..3e928fca1 100644
--- a/pkg/zerotier/certificate.go
+++ b/pkg/zerotier/certificate.go
@@ -50,7 +50,7 @@ type CertificateName struct {
 // CertificateIdentity bundles an identity with an optional locator.
 type CertificateIdentity struct {
- Identity *Identity `json:"identity"`
+ Identity *Identity `json:"identity,omitempty"`
 Locator *Locator `json:"locator,omitempty"`
 }
@@ -136,15 +136,15 @@ func NewCertificateFromBytes(cert []byte, verify bool) (*Certificate, error) {
 }
 defer C.ZT_Certificate_delete((*C.ZT_Certificate)(dec))
- goCert := NewCertificateFromCCertificate(dec)
+ goCert := newCertificateFromCCertificate(dec)
 if goCert == nil {
 return nil, ErrInternal
 }
 return goCert, nil
 }
-// NewCertificateFromCCertificate translates a C ZT_Certificate into a Go Certificate.
-func NewCertificateFromCCertificate(ccptr unsafe.Pointer) *Certificate {
+// newCertificateFromCCertificate translates a C ZT_Certificate into a Go Certificate.
+func newCertificateFromCCertificate(ccptr unsafe.Pointer) *Certificate {
 cc := (*C.ZT_Certificate)(ccptr)
 c := new(Certificate)
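Review bot: `runtime.GOMAXPROCS(1)` and `debug.SetGCPercent(15)` are added to `main` with no comment, and both change process-wide runtime behaviour for every test that follows, so a reader cannot tell whether they are a deliberate stress setting or a workaround for a specific failure. A one-line comment would settle it; if the intent is to make cgo memory-lifetime mistakes show up sooner, something like `// Single P plus an aggressive GC so cgo allocate/free mistakes surface quickly; not a tuning choice.` is enough. If they were added to paper over a real failure, the commit message or the comment should name it instead.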
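Review bot: Adding `omitempty` to `CertificateIdentity.Identity` changes the JSON shape (a nil identity now drops the key instead of emitting `"identity":null`), which is a wire-format change outside the commit message's stated scope of hiding C-level helpers and is not mentioned there. Whether an entry with a nil `Identity` is ever legitimate is not visible here; if it is not, the tag lets a malformed entry serialize quietly as `{}` rather than something obviously wrong, and either a field comment stating that nil is permitted or a nil check where the struct is converted for C would make the intent explicit. The `CertificateIdentity` type is fully inside the hunk; `CertificateName` in the hunk header is not.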
@@ -265,14 +265,14 @@ func NewCertificateFromCCertificate(ccptr unsafe.Pointer) *Certificate {
 return c
 }
-// DeleteCCertificate deletes a ZT_Certificate object returned by Certificate.CCertificate()
-func DeleteCCertificate(cc unsafe.Pointer) {
+// deleteCCertificate deletes a ZT_Certificate object returned by Certificate.CCertificate()
+func deleteCCertificate(cc unsafe.Pointer) {
 C.ZT_Certificate_delete((*C.ZT_Certificate)(cc))
 }
-// CCertificate creates a C ZT_Certificate structure from the content of a Certificate.
-// It must be deleted with DeleteCCertificate.
-func (c *Certificate) CCertificate() unsafe.Pointer {
+// cCertificate creates a C ZT_Certificate structure from the content of a Certificate.
+// It must be deleted with deleteCCertificate.
+func (c *Certificate) cCertificate() unsafe.Pointer {
 var cc C.ZT_Certificate
 var subjectIdentities []C.ZT_Certificate_Identity
 var subjectNetworks []C.ZT_Certificate_Network
@@ -400,11 +400,11 @@ func (c *Certificate) CCertificate() unsafe.Pointer {
 // Marshal encodes this certificate as a byte array.
 func (c *Certificate) Marshal() ([]byte, error) {
- cc := c.CCertificate()
+ cc := c.cCertificate()
 if cc == nil {
 return nil, ErrInternal
 }
- defer DeleteCCertificate(cc)
+ defer deleteCCertificate(cc)
 var encoded [16384]byte
 encodedSize := C.int(16384)
 rv := int(C.ZT_Certificate_encode((*C.ZT_Certificate)(cc), unsafe.Pointer(&encoded[0]), &encodedSize))
@@ -422,11 +422,11 @@ func (c *Certificate) Sign(id *Identity) (*Certificate, error) {
 if id == nil || !id.HasPrivate() {
 return nil, ErrInvalidParameter
 }
- ctmp := c.CCertificate()
+ ctmp := c.cCertificate()
 if ctmp == nil {
 return nil, ErrInternal
 }
- defer DeleteCCertificate(ctmp)
+ defer deleteCCertificate(ctmp)
 var signedCert [16384]byte
 signedCertSize := C.int(16384)
 rv := int(C.ZT_Certificate_sign((*C.ZT_Certificate)(ctmp), id.cIdentity(), unsafe.Pointer(&signedCert[0]), &signedCertSize))
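Review bot: The doc comment on `deleteCCertificate` still says the object is "returned by Certificate.CCertificate()", but this same hunk renames that method to `cCertificate`, so the comment now names a method that no longer exists; it should read `// deleteCCertificate frees a ZT_Certificate created by Certificate.cCertificate().`. Since every caller in this patch pairs `cCertificate()` with a `defer deleteCCertificate(...)`, the `cCertificate` comment could also state that the returned pointer must not be retained after the delete, which the existing "must be deleted" wording only implies. The body of `cCertificate` continues outside the hunk.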
@@ -438,11 +438,11 @@ func (c *Certificate) Sign(id *Identity) (*Certificate, error) {
 // Verify returns nil on success or a certificate error if there is a problem with this certificate.
 func (c *Certificate) Verify() error {
- cc := c.CCertificate()
+ cc := c.cCertificate()
 if cc == nil {
 return ErrInternal
 }
- defer DeleteCCertificate(cc)
+ defer deleteCCertificate(cc)
 return certificateErrorToError(int(C.ZT_Certificate_verify((*C.ZT_Certificate)(cc))))
 }
@@ -496,11 +496,11 @@ func NewCertificateCSR(subject *CertificateSubject, uniqueId []byte, uniqueIdPri
 var tmp Certificate
 tmp.Subject = *subject
- ctmp := tmp.CCertificate()
+ ctmp := tmp.cCertificate()
 if ctmp == nil {
 return nil, ErrInternal
 }
- defer DeleteCCertificate(ctmp)
+ defer deleteCCertificate(ctmp)
 var csr [16384]byte
 csrSize := C.int(16384)