Added support for tls
diff --git a/README.md b/README.md
index 6bf65ea..de53791 100644
--- a/README.md
+++ b/README.md
@@ -20,17 +20,16 @@
mkdir -p $HOME/go/bin $HOME/go/pkg $HOME/go/src/github.com/maps-booking
-
Next, add the following to your ~/.bashrc
- export PATH=$PATH:$(go env GOPATH)/bin
- export GOPATH=$(go env GOPATH)
- export GOBIN=$(go env GOPATH)/bin
-
+ export PATH=$PATH:$(go env GOPATH)/bin
+ export GOPATH=$(go env GOPATH)
+ export GOBIN=$(go env GOPATH)/bin
+
Source changes
-
- source ~/.bashrc
-
+
+ source ~/.bashrc
+
Next, retrieve the utility from the
[maps-booking repository](https://maps-booking.googlesource.com/)
@@ -38,8 +37,8 @@
Lastly, download all dependencies and install the tool.
- cd $HOME/go
- go get -d ./...
+ cd $HOME/go
+ go get -d ./...
go install $HOME/go/src/github.com/maps-booking/testclient/main.go
### Installing the utility with Windows Powershell
@@ -74,7 +73,7 @@
After following the install steps above an executable should now live in
$HOME/go/bin/main
-
+
or
$env:HOME\go\bin\main.exe
@@ -113,9 +112,45 @@
Example Usage:
bin/main -health_check_test=true -check_availability_test=true
- -output_dir="/tmp" -server_addr="localhost:50051”
+ -output_dir="/tmp" -server_addr="grpc-service.google.com:50051”
-availability_feed="/tmp/test.json"
+#### Enabling TLS
+Using the TLS feature of this utility is slightly more complicated than the
+standard non-TLS runs and requires a few additional steps.
+
+- Begin by overriding your server's RootCAs file with the provided root.pem
+ located in maps-booking/certs/root.pem. Details regarding your server's root
+ certs can be found on the [maps-booking developer site.]
+ (https://developers.google.com/maps-booking/guides/partner-implementing-grpc-server-2)
+
+- Point the ca_file flag of the client utility to the location of your original
+ roots file. If you don't have one yet you can [download these
+ roots](https://pki.google.com/roots.pem) that have been recommended by the
+ Google Internet Authority.
+
+- Enable TLS by setting the tls flag to true.
+
+Example Usage:
+
+ bin/main -health_check_test=true -check_availability_test=true
+ -output_dir="/tmp" -server_addr="grpc-service.google.com:50051”
+ -availability_feed="/tmp/test.json" -tls -ca_file="/tmp/trusted_roots.pem"
+
+#### Optional TLS Feature
+
+It's possible to override the FQDN your client attempts to use during the TLS
+handshake. If you find a need to use an alias when testing your implementation,
+simply override using the servername_override flag.
+
+Example Usage:
+
+ bin/main -health_check_test=true -check_availability_test=true
+ -output_dir="/tmp" -server_addr="localhost:50051”
+ -availability_feed="/tmp/test.json" -tls -ca_file="/tmp/trusted_roots.pem"
+ -servername_override="myservice.google.com"
+
+
### Parsing the output
The test utility will output a file with the prefix 'grpc_test_client_log_'
diff --git a/certs/root.pem b/certs/root.pem
new file mode 100644
index 0000000..4193c2e
--- /dev/null
+++ b/certs/root.pem
@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIFzTCCA7WgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBgDELMAkGA1UEBhMCVVMx
+EzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxITAf
+BgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEhMB8GA1UEAwwYbWFwcy1i
+b29raW5nX3Rlc3QtY2xpZW50MB4XDTE3MTAyNzAxNDIxN1oXDTI3MTAyNTAxNDIx
+N1owgYAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQH
+DA1Nb3VudGFpbiBWaWV3MSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBM
+dGQxITAfBgNVBAMMGG1hcHMtYm9va2luZ190ZXN0LWNsaWVudDCCAiIwDQYJKoZI
+hvcNAQEBBQADggIPADCCAgoCggIBALZhw3cOlpLbecQzE7WHNN+aPSVboI01Wy2G
+y18bw6abeKqrd6IotKnd9EUzLrY6c2cWmlA6EgUYEJ5Qsdzso2+IF9d2Dcmlz7A0
+sK4scjzoxD/Qj8E+iyQASXxla86l/1XpvXwPv2ZcfOqJDmaSsCptAiR6qLc2+6g4
+m/d3MpLx1BFH0MlQNB0XG4SNeCTEA959AgexWBFelTQUl5QKmUXkPOd6BRvGedzp
+uj4nA+AFWpMgvgXYi7tiDOaS8cXfhXIuPMB1P9dk8pn/etFKPELFq1Fvuw/DF08y
+dkkyORrbXNTJNbIQRhBQj17VG6GoKypyVQ6EHgWHFlMqqzgs3+JWlaoSC/f3GvX1
+uuSakG66KLN6ZBQU+KcvmhZHhsxikynmvlAVPLeu+cNlVJZMS1OfjEiPyxs3M9VL
+bEBxYgSLpjyuKCY50fxK67tKgiCLDTwXpX/R/herIHAAMoQMM0qBmMgj9iuReAjU
+Zu4IC3kSL6/ZPRqivZAXAciGVC2CVx6cHQQA66iO1/u9ETN+QX3cPo/rf+ki1Cte
+cdVCfzAh3FA06wDgx/96JL6cwn6TUfjUnPNwSL1rvzdaULadL29SQWUlFjASV4WE
+ppyjh/Z6xEr+FcUroNXE/16LagM4HR/IDvDd6ZQ9sVHqlBR1xEtA7VxptgFcMi6o
+t+RPam+nAgMBAAGjUDBOMB0GA1UdDgQWBBSwnp+00yr82MUrKAIkoVMTWtzoozAf
+BgNVHSMEGDAWgBSwnp+00yr82MUrKAIkoVMTWtzoozAMBgNVHRMEBTADAQH/MA0G
+CSqGSIb3DQEBCwUAA4ICAQCPloUFKtlQWmXEQPPwpFX8tnC0SEJDKTMV4S+1kpOQ
+edoSY6544wChdUwvIvgiePce1R1SUu+sOr9XYl7uBZ+j1+iKm5mPcyxr7HczRtdM
+HOIRVQxLRrL/sgbW3XP2OIb9nNSGRRpuOvc9U3xvS51YzshoweSGaPqPrM1uwqWD
+3tVTNSycePj00gx1ajtv1M5QDZnhtMOPdtSPqYajuV1QgsDJfR957GEf1KrjZScA
+raw/K/JbqkHBJR9CD629ARCGQfx2xTRxlFJfYZxvtBucUZUv2eTAbio92WdVBTaM
+G4BYW+wl8zZeKsb/3nyh852D65desLTLGb1vSqyd5QxTJ1H3wWe1SiW14fxreuXQ
+pyuH8Qnj7ZHvQSvQjMqgJlnfbMMcwQ8a7UJXJtnstE4EbsC9mIpM/YUPwP5BnnVw
+Ry99cwxdtKfpUwspWORsPQcfsLJgBTIdLqcBaWr8huYf1pjJX604rLcXN8vRzo/X
+GMXc6h7ogMB3SJ7Lc4XMXFvowF7yUOyHk3zgthZzxivyTuHrlCpL9asgqW+HTmyv
+N4DBiJQdvBEfnFrP2jXOMD2C8QbbZ/QQjtpOos+o+B7UMld+tshVrrbLc2Njy57c
+9pGz4BakZkGA32+Quoy5fyziYpDL7ilEBDG4OBYIrsbg7iqrO6LH580qFw3VaY6g
+WA==
+-----END CERTIFICATE-----
diff --git a/certs/test_client_cert.pem b/certs/test_client_cert.pem
new file mode 100644
index 0000000..57febfa
--- /dev/null
+++ b/certs/test_client_cert.pem
@@ -0,0 +1,102 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 1 (0x1)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=US, ST=California, L=Mountain View, O=Internet Widgits Pty Ltd, CN=maps-booking_test-client
+ Validity
+ Not Before: Oct 27 01:53:28 2017 GMT
+ Not After : Oct 25 01:53:28 2027 GMT
+ Subject: C=US, ST=California, O=Internet Widgits Pty Ltd, CN=maps-booking_test-client-cert
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:b8:4a:8a:a7:b5:6f:ac:cb:38:dd:c3:96:a7:d8:
+ 79:0f:e1:9a:1b:b9:4a:ff:8b:d7:93:67:9b:9b:fc:
+ 9a:47:9c:a1:c4:ff:1a:40:14:02:37:3e:28:bb:6f:
+ 89:af:66:56:c4:6b:34:6c:28:97:34:2d:0f:b7:85:
+ b9:41:41:dc:01:c4:5f:d0:3c:49:47:d7:47:c3:e6:
+ e8:52:70:e3:a9:2f:3e:4c:f7:09:57:f9:c0:cb:4a:
+ b5:e1:0e:22:8c:f7:13:d8:f4:e9:69:c9:d2:14:bb:
+ f1:5b:53:c5:7e:80:8b:22:6e:bb:82:39:40:7d:d9:
+ a3:0a:4e:46:4c:c2:03:11:6c:f2:01:1c:5e:08:b0:
+ b3:83:9b:62:50:8b:21:45:11:b2:63:7b:79:95:99:
+ 0b:47:c8:ba:16:0b:05:94:ef:9c:2d:22:01:6d:ed:
+ 68:5e:4d:21:30:d8:8a:68:b5:94:d3:de:74:02:aa:
+ 18:6b:62:f5:2f:73:06:27:8f:b0:83:ff:5f:27:ec:
+ 29:40:ff:b9:df:df:e7:fe:d5:69:19:5f:a1:88:4e:
+ f5:c4:7b:70:3c:46:3d:28:7a:cf:dc:66:5c:d9:3b:
+ 46:95:c6:6a:2c:9c:04:22:22:dd:8b:5a:e8:ac:2e:
+ bb:3f:fe:54:04:84:09:7f:ad:19:75:64:7a:04:f8:
+ b3:8b
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ 8A:F7:40:6F:73:C8:C4:78:AB:83:E1:98:14:6A:4D:10:0A:2E:5B:CA
+ X509v3 Authority Key Identifier:
+ keyid:B0:9E:9F:B4:D3:2A:FC:D8:C5:2B:28:02:24:A1:53:13:5A:DC:E8:A3
+
+ Signature Algorithm: sha256WithRSAEncryption
+ b4:9a:05:63:44:d5:64:fe:12:c2:72:da:5f:a8:41:11:bb:f7:
+ 0a:f2:21:2f:fd:3c:59:27:1e:d5:ee:3c:5c:a6:42:5a:72:fe:
+ 36:6c:45:26:ed:74:d9:04:96:8d:7c:29:17:55:ec:08:43:94:
+ 8e:11:16:b0:e7:e6:2d:0d:3f:cf:93:e2:7a:ab:23:f5:c7:f1:
+ bd:f1:fc:43:c0:59:90:2f:6c:87:29:10:ac:ed:07:83:f2:29:
+ f9:5b:14:dc:a4:a9:92:97:a1:8f:47:1f:52:e3:ee:30:56:56:
+ 98:fa:2e:64:69:e9:c9:33:17:1b:1f:c2:2f:b4:9e:a8:10:4f:
+ 6b:74:e5:4a:93:8d:af:92:15:ac:8d:23:e0:08:1f:bf:4f:aa:
+ 81:ae:c3:7d:05:18:ea:3b:31:c7:cb:95:c6:5e:a3:6e:91:41:
+ c7:b5:17:7a:44:da:68:83:fe:5a:aa:b4:1f:dc:7f:c9:66:2d:
+ f8:ae:b2:5a:66:f9:4c:70:31:fe:94:cd:39:46:06:16:21:67:
+ 5b:9e:9f:51:aa:75:52:03:c4:17:4b:cd:64:71:d8:67:27:03:
+ 85:e3:ec:77:d8:e5:a2:60:f7:1b:7f:2d:06:63:39:a9:de:42:
+ 1f:73:87:f5:2d:94:d8:29:c2:d6:27:c3:3f:a0:f1:c6:53:47:
+ 3c:50:b1:93:a6:2b:21:2b:b9:7c:49:72:fa:47:1b:7f:73:cd:
+ 28:99:6a:b4:82:f8:fc:64:58:b0:3d:5e:d1:e5:4d:4c:c1:21:
+ e6:2f:aa:80:69:c4:a0:4a:d5:9e:50:d3:33:ec:68:95:fd:43:
+ 27:34:80:de:e3:4e:3f:a1:dc:70:d1:83:71:5e:13:78:fb:d0:
+ f4:a5:37:00:23:2d:04:23:41:6c:ba:90:9b:5a:fb:7b:c5:3a:
+ 33:30:e6:01:43:97:84:3b:d7:32:fe:e9:74:b1:4d:88:9b:dd:
+ b8:3f:df:69:19:e1:02:df:40:b1:10:b3:d4:78:d8:c7:b6:8d:
+ cf:98:e9:07:bb:99:0a:b0:e5:0e:6b:85:1b:11:bc:89:e2:27:
+ 40:ca:c0:4d:4c:fe:13:c6:1f:ce:1f:dd:e6:4e:54:d2:33:a0:
+ 47:e2:23:3c:aa:5a:ab:a6:78:7a:3c:20:e2:2f:6f:5b:b1:09:
+ f2:8f:8d:93:5a:0c:07:42:0c:8c:02:62:fd:43:99:97:dc:d1:
+ 00:db:dc:57:13:b9:4f:c7:66:b3:17:56:b7:f9:7a:f1:b7:63:
+ 3f:e8:d8:d6:f8:d0:f7:c7:9b:4d:fa:3e:ab:57:13:34:3a:0e:
+ d2:70:c9:1c:ec:3f:34:37:a6:c5:33:e0:51:ad:51:b3:9b:ca:
+ e5:cd:90:f1:85:c1:4e:25
+-----BEGIN CERTIFICATE-----
+MIIE5DCCAsygAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgDELMAkGA1UEBhMCVVMx
+EzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxITAf
+BgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEhMB8GA1UEAwwYbWFwcy1i
+b29raW5nX3Rlc3QtY2xpZW50MB4XDTE3MTAyNzAxNTMyOFoXDTI3MTAyNTAxNTMy
+OFowbTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExITAfBgNVBAoM
+GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEmMCQGA1UEAwwdbWFwcy1ib29raW5n
+X3Rlc3QtY2xpZW50LWNlcnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQC4SoqntW+syzjdw5an2HkP4ZobuUr/i9eTZ5ub/JpHnKHE/xpAFAI3Pii7b4mv
+ZlbEazRsKJc0LQ+3hblBQdwBxF/QPElH10fD5uhScOOpLz5M9wlX+cDLSrXhDiKM
+9xPY9OlpydIUu/FbU8V+gIsibruCOUB92aMKTkZMwgMRbPIBHF4IsLODm2JQiyFF
+EbJje3mVmQtHyLoWCwWU75wtIgFt7WheTSEw2IpotZTT3nQCqhhrYvUvcwYnj7CD
+/18n7ClA/7nf3+f+1WkZX6GITvXEe3A8Rj0oes/cZlzZO0aVxmosnAQiIt2LWuis
+Lrs//lQEhAl/rRl1ZHoE+LOLAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4
+QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBSK
+90Bvc8jEeKuD4ZgUak0QCi5byjAfBgNVHSMEGDAWgBSwnp+00yr82MUrKAIkoVMT
+WtzoozANBgkqhkiG9w0BAQsFAAOCAgEAtJoFY0TVZP4SwnLaX6hBEbv3CvIhL/08
+WSce1e48XKZCWnL+NmxFJu102QSWjXwpF1XsCEOUjhEWsOfmLQ0/z5Pieqsj9cfx
+vfH8Q8BZkC9shykQrO0Hg/Ip+VsU3KSpkpehj0cfUuPuMFZWmPouZGnpyTMXGx/C
+L7SeqBBPa3TlSpONr5IVrI0j4Agfv0+qga7DfQUY6jsxx8uVxl6jbpFBx7UXekTa
+aIP+Wqq0H9x/yWYt+K6yWmb5THAx/pTNOUYGFiFnW56fUap1UgPEF0vNZHHYZycD
+hePsd9jlomD3G38tBmM5qd5CH3OH9S2U2CnC1ifDP6DxxlNHPFCxk6YrISu5fEly
++kcbf3PNKJlqtIL4/GRYsD1e0eVNTMEh5i+qgGnEoErVnlDTM+xolf1DJzSA3uNO
+P6HccNGDcV4TePvQ9KU3ACMtBCNBbLqQm1r7e8U6MzDmAUOXhDvXMv7pdLFNiJvd
+uD/faRnhAt9AsRCz1HjYx7aNz5jpB7uZCrDlDmuFGxG8ieInQMrATUz+E8Yfzh/d
+5k5U0jOgR+IjPKpaq6Z4ejwg4i9vW7EJ8o+Nk1oMB0IMjAJi/UOZl9zRANvcVxO5
+T8dmsxdWt/l68bdjP+jY1vjQ98ebTfo+q1cTNDoO0nDJHOw/NDemxTPgUa1Rs5vK
+5c2Q8YXBTiU=
+-----END CERTIFICATE-----
diff --git a/certs/test_client_key.pem b/certs/test_client_key.pem
new file mode 100644
index 0000000..c8989f6
--- /dev/null
+++ b/certs/test_client_key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAuEqKp7VvrMs43cOWp9h5D+GaG7lK/4vXk2ebm/yaR5yhxP8a
+QBQCNz4ou2+Jr2ZWxGs0bCiXNC0Pt4W5QUHcAcRf0DxJR9dHw+boUnDjqS8+TPcJ
+V/nAy0q14Q4ijPcT2PTpacnSFLvxW1PFfoCLIm67gjlAfdmjCk5GTMIDEWzyARxe
+CLCzg5tiUIshRRGyY3t5lZkLR8i6FgsFlO+cLSIBbe1oXk0hMNiKaLWU0950AqoY
+a2L1L3MGJ4+wg/9fJ+wpQP+539/n/tVpGV+hiE71xHtwPEY9KHrP3GZc2TtGlcZq
+LJwEIiLdi1rorC67P/5UBIQJf60ZdWR6BPiziwIDAQABAoIBAQCbJy6ayTauzB0h
+HxSMVMR/aVj8NEB+6rXgxN6OMdmVprnPB1KLVg0Tg0J5owrQ36D3FqZ41KeP5swP
+nwZ7eT4HQtPDla3ATO9/b7xyA9a3Ti3uUCDOr1bwEAMV6XePJEjSZEbKqH40tJIb
+aGih+wioQX+dwCOakIsiFwo6fzBkDtsj4V3qVunuZ5TRufUSrXebAMSsE5U+POch
+FznfqsD/vhus5ggbhM/8wG1NgEtO5apkc+KjA/vnWpcpSeWxnBYmQZr0dU9iZJr+
+vCxMKY+kdVfjohbeGQt51TqUkBdLbfUlun8fE1X9hrsA5aYonP82unJ+hWn3Wg60
+fP9vr1gBAoGBAPWcsKoCG6DisgLAjNhAMC2Q7lp2qsM7Y01p4epLX8UxOHRMlpnr
+erNRc4k75hZDp7/rtrO6eb3F+76mlPVbqi/JRRqY5xM8vsDF8KYSAW8XJXZ6AP+Z
+G7sxjJ8QnlT1lAWK+XNxAEk6U3jj6eB+CfGSZJJh3tbjhX69BseE5uQBAoGBAMAV
+6cpOq+F0ZSlh3sljvlDEPY0BaUtlAF5LOX6Vdg7c/zeWJtAAE24hPYwxSi9e4jYx
+eHBM3Xk5yQVGsIbxl/dvgWGY2nbzb1YdbOEEzrVBh7hm8YW3DER+HwNcDpMhoWCf
+O8uD59YNsyvrqD/vb7KpVDWr+yD8ClO7zjLL3ueLAoGAdAZMElOil5LfgptRLYrM
+94mCf2uVaVqxo01EcnieyjlhMNdJQXbS5Miyan7IR3Y4VVpVWXvarMJNFRf+QBXI
+RICwy0q1xgmpFsmqz9iror3tbZVeyV+bkQdsJWwlT38fKKspAda8ytrpua74uZrw
+uZRtPBVNvneGhYNoI3Jt3AECgYB5bGDBdkHI3x8jra57eAXSYHrYK9A3zL0S3lKV
+5j0e4CylItGeIq4lq/WQLYhLsZslztfnhW9rNlAQecMVSptZ2q7a1xkioHf849Tz
+2Wohwi7dLpX2hOPIWEGaihLchyHQRlgyKkvfUAG2/dz5rY3aTpfg5bp1+1072Thb
+e+yISQKBgGgtchLhw26f+wIvDDJx6AExEbbnV5V84riqZR4PpBz4e88xWdtpfYT7
+J0nidjfbgcpfIysD8ELn/bGtNsYWrTkX8rqB5buBGf+WP7+ChWLwdm1GPtYJJN4s
+ewhN35RpB6EjTdp9jp5ifTfSSBAoHN8yJeeHxU64HHb8nDdBwxmW
+-----END RSA PRIVATE KEY-----
diff --git a/testclient/main.go b/testclient/main.go
index 0a3eb5e..0ed4589 100644
--- a/testclient/main.go
+++ b/testclient/main.go
@@ -16,8 +16,12 @@
package main
import (
+ "crypto/tls"
+ "crypto/x509"
+ "errors"
"flag"
"fmt"
+ "io/ioutil"
"log"
"os"
"path/filepath"
@@ -27,6 +31,7 @@
"github.com/maps-booking/utils"
"golang.org/x/net/context"
"google.golang.org/grpc"
+ "google.golang.org/grpc/credentials"
mpb "github.com/maps-booking/bookingservice"
fpb "github.com/maps-booking/feeds"
@@ -34,6 +39,84 @@
const logFile = "grpc_test_client_log_"
+/*
+Below is a string representation of the client certificate and private key.
+This is a self signed cert. To use this cert, maps-booking/certs/root.pem
+must be added to your server.
+
+Viewing the contents of this cert in a human readable format can be achieved using openssl.
+The command and subsequent output are below for your convenience.
+
+ openssl x509 -in .../maps-booking/certs/test_client_cert.pem -inform pem -noout -text
+
+ Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 1 (0x1)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=US, ST=California, L=Mountain View, O=Internet Widgits Pty Ltd, CN=maps-booking_test-client
+ Validity
+ Not Before: Oct 27 01:53:28 2017 GMT
+ Not After : Oct 25 01:53:28 2027 GMT
+ Subject: C=US, ST=California, O=Internet Widgits Pty Ltd, CN=maps-booking_test-client-cert
+*/
+const clientCert = `-----BEGIN CERTIFICATE-----
+MIIE5DCCAsygAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgDELMAkGA1UEBhMCVVMx
+EzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxITAf
+BgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEhMB8GA1UEAwwYbWFwcy1i
+b29raW5nX3Rlc3QtY2xpZW50MB4XDTE3MTAyNzAxNTMyOFoXDTI3MTAyNTAxNTMy
+OFowbTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExITAfBgNVBAoM
+GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEmMCQGA1UEAwwdbWFwcy1ib29raW5n
+X3Rlc3QtY2xpZW50LWNlcnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQC4SoqntW+syzjdw5an2HkP4ZobuUr/i9eTZ5ub/JpHnKHE/xpAFAI3Pii7b4mv
+ZlbEazRsKJc0LQ+3hblBQdwBxF/QPElH10fD5uhScOOpLz5M9wlX+cDLSrXhDiKM
+9xPY9OlpydIUu/FbU8V+gIsibruCOUB92aMKTkZMwgMRbPIBHF4IsLODm2JQiyFF
+EbJje3mVmQtHyLoWCwWU75wtIgFt7WheTSEw2IpotZTT3nQCqhhrYvUvcwYnj7CD
+/18n7ClA/7nf3+f+1WkZX6GITvXEe3A8Rj0oes/cZlzZO0aVxmosnAQiIt2LWuis
+Lrs//lQEhAl/rRl1ZHoE+LOLAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4
+QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBSK
+90Bvc8jEeKuD4ZgUak0QCi5byjAfBgNVHSMEGDAWgBSwnp+00yr82MUrKAIkoVMT
+WtzoozANBgkqhkiG9w0BAQsFAAOCAgEAtJoFY0TVZP4SwnLaX6hBEbv3CvIhL/08
+WSce1e48XKZCWnL+NmxFJu102QSWjXwpF1XsCEOUjhEWsOfmLQ0/z5Pieqsj9cfx
+vfH8Q8BZkC9shykQrO0Hg/Ip+VsU3KSpkpehj0cfUuPuMFZWmPouZGnpyTMXGx/C
+L7SeqBBPa3TlSpONr5IVrI0j4Agfv0+qga7DfQUY6jsxx8uVxl6jbpFBx7UXekTa
+aIP+Wqq0H9x/yWYt+K6yWmb5THAx/pTNOUYGFiFnW56fUap1UgPEF0vNZHHYZycD
+hePsd9jlomD3G38tBmM5qd5CH3OH9S2U2CnC1ifDP6DxxlNHPFCxk6YrISu5fEly
++kcbf3PNKJlqtIL4/GRYsD1e0eVNTMEh5i+qgGnEoErVnlDTM+xolf1DJzSA3uNO
+P6HccNGDcV4TePvQ9KU3ACMtBCNBbLqQm1r7e8U6MzDmAUOXhDvXMv7pdLFNiJvd
+uD/faRnhAt9AsRCz1HjYx7aNz5jpB7uZCrDlDmuFGxG8ieInQMrATUz+E8Yfzh/d
+5k5U0jOgR+IjPKpaq6Z4ejwg4i9vW7EJ8o+Nk1oMB0IMjAJi/UOZl9zRANvcVxO5
+T8dmsxdWt/l68bdjP+jY1vjQ98ebTfo+q1cTNDoO0nDJHOw/NDemxTPgUa1Rs5vK
+5c2Q8YXBTiU=
+-----END CERTIFICATE-----`
+const clientKey = `-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAuEqKp7VvrMs43cOWp9h5D+GaG7lK/4vXk2ebm/yaR5yhxP8a
+QBQCNz4ou2+Jr2ZWxGs0bCiXNC0Pt4W5QUHcAcRf0DxJR9dHw+boUnDjqS8+TPcJ
+V/nAy0q14Q4ijPcT2PTpacnSFLvxW1PFfoCLIm67gjlAfdmjCk5GTMIDEWzyARxe
+CLCzg5tiUIshRRGyY3t5lZkLR8i6FgsFlO+cLSIBbe1oXk0hMNiKaLWU0950AqoY
+a2L1L3MGJ4+wg/9fJ+wpQP+539/n/tVpGV+hiE71xHtwPEY9KHrP3GZc2TtGlcZq
+LJwEIiLdi1rorC67P/5UBIQJf60ZdWR6BPiziwIDAQABAoIBAQCbJy6ayTauzB0h
+HxSMVMR/aVj8NEB+6rXgxN6OMdmVprnPB1KLVg0Tg0J5owrQ36D3FqZ41KeP5swP
+nwZ7eT4HQtPDla3ATO9/b7xyA9a3Ti3uUCDOr1bwEAMV6XePJEjSZEbKqH40tJIb
+aGih+wioQX+dwCOakIsiFwo6fzBkDtsj4V3qVunuZ5TRufUSrXebAMSsE5U+POch
+FznfqsD/vhus5ggbhM/8wG1NgEtO5apkc+KjA/vnWpcpSeWxnBYmQZr0dU9iZJr+
+vCxMKY+kdVfjohbeGQt51TqUkBdLbfUlun8fE1X9hrsA5aYonP82unJ+hWn3Wg60
+fP9vr1gBAoGBAPWcsKoCG6DisgLAjNhAMC2Q7lp2qsM7Y01p4epLX8UxOHRMlpnr
+erNRc4k75hZDp7/rtrO6eb3F+76mlPVbqi/JRRqY5xM8vsDF8KYSAW8XJXZ6AP+Z
+G7sxjJ8QnlT1lAWK+XNxAEk6U3jj6eB+CfGSZJJh3tbjhX69BseE5uQBAoGBAMAV
+6cpOq+F0ZSlh3sljvlDEPY0BaUtlAF5LOX6Vdg7c/zeWJtAAE24hPYwxSi9e4jYx
+eHBM3Xk5yQVGsIbxl/dvgWGY2nbzb1YdbOEEzrVBh7hm8YW3DER+HwNcDpMhoWCf
+O8uD59YNsyvrqD/vb7KpVDWr+yD8ClO7zjLL3ueLAoGAdAZMElOil5LfgptRLYrM
+94mCf2uVaVqxo01EcnieyjlhMNdJQXbS5Miyan7IR3Y4VVpVWXvarMJNFRf+QBXI
+RICwy0q1xgmpFsmqz9iror3tbZVeyV+bkQdsJWwlT38fKKspAda8ytrpua74uZrw
+uZRtPBVNvneGhYNoI3Jt3AECgYB5bGDBdkHI3x8jra57eAXSYHrYK9A3zL0S3lKV
+5j0e4CylItGeIq4lq/WQLYhLsZslztfnhW9rNlAQecMVSptZ2q7a1xkioHf849Tz
+2Wohwi7dLpX2hOPIWEGaihLchyHQRlgyKkvfUAG2/dz5rY3aTpfg5bp1+1072Thb
+e+yISQKBgGgtchLhw26f+wIvDDJx6AExEbbnV5V84riqZR4PpBz4e88xWdtpfYT7
+J0nidjfbgcpfIysD8ELn/bGtNsYWrTkX8rqB5buBGf+WP7+ChWLwdm1GPtYJJN4s
+ewhN35RpB6EjTdp9jp5ifTfSSBAoHN8yJeeHxU64HHb8nDdBwxmW
+-----END RSA PRIVATE KEY-----`
+
var (
serverAddr = flag.String("server_addr", "example.com:80", "Your grpc server's address in the format of host:port")
rpcTimeout = flag.Duration("rpc_timeout", 30*time.Second, "Number of seconds to wait before abandoning request")
@@ -47,6 +130,9 @@
rescheduleFlow = flag.Bool("rescheduling_test", false, "Whether to test the UpdateBooking endpoint.")
availabilityFeed = flag.String("availability_feed", "", "Absolute path to availability feed required for all tests except health. Feeds can be in either json or pb3 format")
outputDir = flag.String("output_dir", "", "Absolute path of dir to dump log file.")
+ enableTLS = flag.Bool("tls", false, "Whether to enable TLS when using the test client. Please review the README.md before attempting to use this flag.")
+ caFile = flag.String("ca_file", "", "Absolute path to your server's Certificate Authority root cert. Downloading all roots currently recommended by the Google Internet Authority is a suitable alternative https://pki.google.com/roots.pem")
+ serverName = flag.String("servername_override", "", "Override FQDN to use. Please see README for additional details")
)
type counters struct {
@@ -101,10 +187,10 @@
return nil, err
}
}
-
+
now := time.Now().UTC()
nowString := fmt.Sprintf("%d-%02d-%02d_%02d-%02d-%02d", now.Year(), now.Month(), now.Day(), now.Hour(), now.Minute(), now.Second())
- outFile := filepath.Join(outPath, fmt.Sprintf("%s%s", logFile, nowString))
+ outFile := filepath.Join(outPath, fmt.Sprintf("%s%s", logFile, nowString))
return os.Create(outFile)
}
@@ -165,6 +251,33 @@
os.Exit(0)
}
+func buildGrpcConnection() (*grpc.ClientConn, error) {
+ var opts []grpc.DialOption
+ if *enableTLS {
+ cert, err := tls.X509KeyPair([]byte(clientCert), []byte(clientKey))
+ if err != nil {
+ return nil, err
+ }
+ b, err := ioutil.ReadFile(*caFile)
+ if err != nil {
+ return nil, fmt.Errorf("failed to read root certificates file: %v", err)
+ }
+ cp := x509.NewCertPool()
+ if !cp.AppendCertsFromPEM(b) {
+ return nil, errors.New("failed to parse root certificates, please check your roots file (ca_file flag) and try again")
+ }
+ config := &tls.Config{Certificates: []tls.Certificate{cert}, RootCAs: cp}
+ if *serverName != "" {
+ config.ServerName = *serverName
+ }
+ creds := credentials.NewTLS(config)
+ opts = append(opts, grpc.WithTransportCredentials(creds))
+ } else {
+ opts = append(opts, grpc.WithInsecure())
+ }
+ return grpc.Dial(*serverAddr, opts...)
+}
+
func main() {
flag.Parse()
var stats counters
@@ -177,10 +290,9 @@
defer f.Close()
log.SetOutput(f)
- opts := append([]grpc.DialOption{}, grpc.WithInsecure())
- conn, err := grpc.Dial(*serverAddr, opts...)
+ conn, err := buildGrpcConnection()
if err != nil {
- log.Fatalf("fail to dial: %v", err)
+ log.Fatalf("failed to dial: %v", err)
}
defer conn.Close()
client := mpb.NewBookingServiceClient(conn)
