grpc
/
grpc-go
mirror of https://github.com/grpc/grpc-go.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

vet: add check for trailing spaces (#7576) 

* vet: trailing spaces check
This commit is contained in:
Purnesh Dixit 2024-09-12 11:40:38 +05:30 committed by GitHub
parent 7fb7ac747b
commit b6fde8cdd1
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
29 changed files with 145 additions and 141 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
CONTRIBUTING.md
View File

@ -25,8 +25,8 @@ How to get your contributions merged smoothly and quickly.
is a great place to start. These issues are well-documented and usually can be
resolved with a single pull request.
- If you are adding a new file, make sure it has the copyright message template
at the top as a comment. You can copy over the message from an existing file
- If you are adding a new file, make sure it has the copyright message template
at the top as a comment. You can copy over the message from an existing file
and update the year.
- The grpc package should only depend on standard Go packages and a small number
@ -41,10 +41,10 @@ How to get your contributions merged smoothly and quickly.
- Provide a good **PR description** as a record of **what** change is being made
and **why** it was made. Link to a github issue if it exists.
- If you want to fix formatting or style, consider whether your changes are an
obvious improvement or might be considered a personal preference. If a style
change is based on preference, it likely will not be accepted. If it corrects
widely agreed-upon anti-patterns, then please do create a PR and explain the
- If you want to fix formatting or style, consider whether your changes are an
obvious improvement or might be considered a personal preference. If a style
change is based on preference, it likely will not be accepted. If it corrects
widely agreed-upon anti-patterns, then please do create a PR and explain the
benefits of the change.
- Unless your PR is trivial, you should expect there will be reviewer comments

2
Documentation/server-reflection-tutorial.md
View File

@ -103,7 +103,7 @@ The `list` command lists services exposed at a given port:
- Describe all services
The `describe` command inspects a service given its full name (in the format
of \<package\>.\<service\>).
of \<package\>.\<service\>).
```sh
$ grpcurl -plaintext localhost:50051 describe helloworld.Greeter

8
authz/grpc_authz_end2end_test.go
View File

@ -78,7 +78,7 @@ var authzTests = map[string]struct {
"DeniesRPCMatchInDenyNoMatchInAllow": {
authzPolicy: `{
"name": "authz",
"allow_rules":
"allow_rules":
[
{
"name": "allow_StreamingOutputCall",
@ -166,11 +166,11 @@ var authzTests = map[string]struct {
"/grpc.testing.TestService/UnaryCall",
"/grpc.testing.TestService/StreamingInputCall"
],
"headers":
"headers":
[
{
"key": "key-abc",
"values":
"values":
[
"val-abc",
"val-def"
@ -250,7 +250,7 @@ var authzTests = map[string]struct {
[
{
"name": "allow_StreamingOutputCall",
"request":
"request":
{
"paths":
[

4
authz/grpc_authz_server_interceptors_test.go
View File

@ -57,9 +57,9 @@ func (s) TestNewStatic(t *testing.T) {
wantErr: fmt.Errorf(`"name" is not present`),
},
"ValidPolicyCreatesInterceptor": {
authzPolicy: `{
authzPolicy: `{
"name": "authz",
"allow_rules":
"allow_rules":
[
{
"name": "allow_all"

6
cmd/protoc-gen-go-grpc/protoc-gen-go-grpc_test.sh
View File

@ -15,7 +15,7 @@
# limitations under the License.
# Uncomment to enable debugging.
# set -x
# set -x
WORKDIR="$(dirname $0)"
TEMPDIR=$(mktemp -d)
@ -24,7 +24,7 @@ trap "rm -rf ${TEMPDIR}" EXIT
# Build protoc-gen-go-grpc binary and add to $PATH.
pushd "${WORKDIR}"
go build -o "${TEMPDIR}" .
go build -o "${TEMPDIR}" .
PATH="${TEMPDIR}:${PATH}"
popd
@ -38,7 +38,7 @@ GENFILE="${TEMPDIR}/examples/route_guide/routeguide/route_guide_grpc.pb.go"
# diff is piped to [[ $? == 1 ]] to avoid exiting on diff but exit on error
# (like if the file was not found). See man diff for more info.
DIFF=$(diff "${GOLDENFILE}" "${GENFILE}" || [[ $? == 1 ]])
DIFF=$(diff "${GOLDENFILE}" "${GENFILE}" || [[ $? == 1 ]])
if [[ -n "${DIFF}" ]]; then
echo -e "ERROR: Generated file differs from golden file:\n${DIFF}"
echo -e "If you have made recent changes to protoc-gen-go-grpc," \

2
examples/features/advancedtls/README.md
View File

@ -16,7 +16,7 @@ The clients are designed to call these servers with varying configurations of cr
```
# Run the server
$ go run server/main.go -credentials_directory $(pwd)/creds
# Run the clients from the `grpc-go/examples/features/advancedtls` directory
# Run the clients from the `grpc-go/examples/features/advancedtls` directory
$ go run client/main.go -credentials_directory $(pwd)/creds
```

10
examples/features/advancedtls/creds/client_cert.pem
View File

@ -49,15 +49,15 @@ Certificate:
6e:bb:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
X509v3 Subject Key Identifier:
DE:03:BD:A3:0E:63:F4:97:C2:52:70:63:E8:BE:A9:DF:F1:9A:7B:56
X509v3 Authority Key Identifier:
X509v3 Authority Key Identifier:
50:76:C3:5C:6B:12:E1:92:0F:28:F8:F2:43:A6:80:C2:9C:E8:56:D6
X509v3 Basic Constraints:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Subject Alternative Name:
X509v3 Subject Alternative Name:
DNS:localhost, IP Address:0.0.0.0
Signature Algorithm: sha256WithRSAEncryption
Signature Value:

10
examples/features/advancedtls/creds/client_cert_revoked.pem
View File

@ -49,15 +49,15 @@ Certificate:
6e:bb:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
X509v3 Subject Key Identifier:
DE:03:BD:A3:0E:63:F4:97:C2:52:70:63:E8:BE:A9:DF:F1:9A:7B:56
X509v3 Authority Key Identifier:
X509v3 Authority Key Identifier:
50:76:C3:5C:6B:12:E1:92:0F:28:F8:F2:43:A6:80:C2:9C:E8:56:D6
X509v3 Basic Constraints:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Subject Alternative Name:
X509v3 Subject Alternative Name:
DNS:localhost, IP Address:0.0.0.0
Signature Algorithm: sha256WithRSAEncryption
Signature Value:

10
examples/features/advancedtls/creds/server_cert.pem
View File

@ -49,15 +49,15 @@ Certificate:
03:71:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
X509v3 Subject Key Identifier:
4C:57:E2:72:97:CF:DC:C4:B8:4E:DB:D4:C1:C6:3D:AE:EF:D7:0A:19
X509v3 Authority Key Identifier:
X509v3 Authority Key Identifier:
50:76:C3:5C:6B:12:E1:92:0F:28:F8:F2:43:A6:80:C2:9C:E8:56:D6
X509v3 Basic Constraints:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Subject Alternative Name:
X509v3 Subject Alternative Name:
DNS:localhost, IP Address:0.0.0.0
Signature Algorithm: sha256WithRSAEncryption
Signature Value:

10
examples/features/advancedtls/creds/server_cert_revoked.pem
View File

@ -49,15 +49,15 @@ Certificate:
03:71:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
X509v3 Subject Key Identifier:
4C:57:E2:72:97:CF:DC:C4:B8:4E:DB:D4:C1:C6:3D:AE:EF:D7:0A:19
X509v3 Authority Key Identifier:
X509v3 Authority Key Identifier:
50:76:C3:5C:6B:12:E1:92:0F:28:F8:F2:43:A6:80:C2:9C:E8:56:D6
X509v3 Basic Constraints:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Subject Alternative Name:
X509v3 Subject Alternative Name:
DNS:localhost, IP Address:0.0.0.0
Signature Algorithm: sha256WithRSAEncryption
Signature Value:

8
examples/features/debugging/README.md
View File

@ -3,12 +3,12 @@
Currently, grpc provides two major tools to help user debug issues, which are logging and channelz.
## Logs
gRPC has put substantial logging instruments on critical paths of gRPC to help users debug issues.
gRPC has put substantial logging instruments on critical paths of gRPC to help users debug issues.
The [Log Levels](https://github.com/grpc/grpc-go/blob/master/Documentation/log_levels.md) doc describes
what each log level means in the gRPC context.
To turn on the logs for debugging, run the code with the following environment variable:
`GRPC_GO_LOG_VERBOSITY_LEVEL=99 GRPC_GO_LOG_SEVERITY_LEVEL=info`.
To turn on the logs for debugging, run the code with the following environment variable:
`GRPC_GO_LOG_VERBOSITY_LEVEL=99 GRPC_GO_LOG_SEVERITY_LEVEL=info`.
## Channelz
We also provide a runtime debugging tool, Channelz, to help users with live debugging.
@ -17,7 +17,7 @@ See the channelz blog post here ([link](https://grpc.io/blog/a-short-introductio
details about how to use channelz service to debug live program.
## Try it
The example is able to showcase how logging and channelz can help with debugging. See the channelz
The example is able to showcase how logging and channelz can help with debugging. See the channelz
blog post linked above for full explanation.
```

16
examples/features/encryption/README.md
View File

@ -29,9 +29,9 @@ create grpc
base on TLS. Refer to the
[godoc](https://godoc.org/google.golang.org/grpc/credentials) for details.
In our example, we use the public/private keys created ahead:
* "server_cert.pem" contains the server certificate (public key).
* "server_key.pem" contains the server private key.
In our example, we use the public/private keys created ahead:
* "server_cert.pem" contains the server certificate (public key).
* "server_key.pem" contains the server private key.
* "ca_cert.pem" contains the certificate (certificate authority)
that can verify the server's certificate.
@ -56,7 +56,7 @@ And finally we make an RPC call over the created `grpc.ClientConn` to test the s
connection based upon TLS is successfully up.
### ALTS
NOTE: ALTS currently needs special early access permission on GCP. You can ask
NOTE: ALTS currently needs special early access permission on GCP. You can ask
about the detailed process in https://groups.google.com/forum/#!forum/grpc-io.
ALTS is the Google's Application Layer Transport Security, which supports mutual
@ -93,12 +93,12 @@ allows users to configure mutual TLS at the connection level.
In this example, we use the following public/private keys created ahead of time:
* "server_cert.pem" contains the server's certificate (public key).
* "server_key.pem" contains the server's private key.
* "server_cert.pem" contains the server's certificate (public key).
* "server_key.pem" contains the server's private key.
* "ca_cert.pem" contains the certificate of the certificate authority that can
verify the server's certificate.
* "client_cert.pem" contains the client's certificate (public key).
* "client_key.pem" contains the client's private key.
* "client_cert.pem" contains the client's certificate (public key).
* "client_key.pem" contains the client's private key.
* "client_ca_cert.pem" contains the certificate of the certificate authority
that can verify the client's certificate.

6
examples/features/health/README.md
View File

@ -3,7 +3,7 @@
gRPC provides a health library to communicate a system's health to their clients.
It works by providing a service definition via the [health/v1](https://github.com/grpc/grpc-proto/blob/master/grpc/health/v1/health.proto) api.
By using the health library, clients can gracefully avoid using servers as they encounter issues.
By using the health library, clients can gracefully avoid using servers as they encounter issues.
Most languages provide an implementation out of box, making it interoperable between systems.
## Try it
@ -30,7 +30,7 @@ This configuration indicates which backend `serviceName` should be inspected whe
An empty string (`""`) typically indicates the overall health of a server should be reported.
```go
// import grpc/health to enable transparent client side checking
// import grpc/health to enable transparent client side checking
import _ "google.golang.org/grpc/health"
// set up appropriate service config
@ -59,6 +59,6 @@ This state is often seen at the start up of a server instance.
Conversely, `NOT_SERVING` indicates the system is unable to service requests at the time.
`SERVICE_UNKNOWN` communicates the `serviceName` requested by the client is not known by the server.
This status is only reported by the `Watch()` call.
This status is only reported by the `Watch()` call.
A server may toggle its health using `healthServer.SetServingStatus("serviceName", servingStatus)`.

2
examples/features/metadata_interceptor/README.md
View File

@ -57,7 +57,7 @@ func (s *wrappedStream) Context() context.Context {
}
func SomeStreamInterceptor(srv interface{}, ss grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler) error {
// Get the incoming metadata from the RPC context, and add a new
// Get the incoming metadata from the RPC context, and add a new
// key-value pair to it.
md, ok := metadata.FromIncomingContext(ctx)
md.Append("key1", "value1")

52
examples/features/stats_monitoring/README.md
View File

@ -1,8 +1,8 @@
# Stats Monitoring Handler
This example demonstrates the use of the [`stats`](https://pkg.go.dev/google.golang.org/grpc/stats) package for reporting various
network and RPC stats.
_Note that all fields are READ-ONLY and the APIs of the `stats` package are
This example demonstrates the use of the [`stats`](https://pkg.go.dev/google.golang.org/grpc/stats) package for reporting various
network and RPC stats.
_Note that all fields are READ-ONLY and the APIs of the `stats` package are
experimental_.
## Try it
@ -17,42 +17,42 @@ go run client/main.go
## Explanation
gRPC provides a mechanism to hook on to various events (phases) of the
request-response network cycle through the [`stats.Handler`](https://pkg.go.dev/google.golang.org/grpc/stats#Handler) interface. To access
these events, a concrete type that implements `stats.Handler` should be passed to
`grpc.WithStatsHandler()` on the client side and `grpc.StatsHandler()` on the
gRPC provides a mechanism to hook on to various events (phases) of the
request-response network cycle through the [`stats.Handler`](https://pkg.go.dev/google.golang.org/grpc/stats#Handler) interface. To access
these events, a concrete type that implements `stats.Handler` should be passed to
`grpc.WithStatsHandler()` on the client side and `grpc.StatsHandler()` on the
server side.
The `HandleRPC(context.Context, RPCStats)` method on `stats.Handler` is called
multiple times during a request-response cycle, and various event stats are
passed to its `RPCStats` parameter (an interface). The concrete types that
implement this interface are: `*stats.Begin`, `*stats.InHeader`, `*stats.InPayload`,
`*stats.InTrailer`, `*stats.OutHeader`, `*stats.OutPayload`, `*stats.OutTrailer`, and
The `HandleRPC(context.Context, RPCStats)` method on `stats.Handler` is called
multiple times during a request-response cycle, and various event stats are
passed to its `RPCStats` parameter (an interface). The concrete types that
implement this interface are: `*stats.Begin`, `*stats.InHeader`, `*stats.InPayload`,
`*stats.InTrailer`, `*stats.OutHeader`, `*stats.OutPayload`, `*stats.OutTrailer`, and
`*stats.End`. The order of these events differs on client and server.
Similarly, the `HandleConn(context.Context, ConnStats)` method on `stats.Handler`
is called twice, once at the beginning of the connection with `*stats.ConnBegin`
Similarly, the `HandleConn(context.Context, ConnStats)` method on `stats.Handler`
is called twice, once at the beginning of the connection with `*stats.ConnBegin`
and once at the end with `*stats.ConnEnd`.
The [`stats.Handler`](https://pkg.go.dev/google.golang.org/grpc/stats#Handler) interface also provides
`TagRPC(context.Context, *RPCTagInfo) context.Context` and
`TagConn(context.Context, *ConnTagInfo) context.Context` methods. These methods
The [`stats.Handler`](https://pkg.go.dev/google.golang.org/grpc/stats#Handler) interface also provides
`TagRPC(context.Context, *RPCTagInfo) context.Context` and
`TagConn(context.Context, *ConnTagInfo) context.Context` methods. These methods
are mainly used to attach network related information to the given context.
The `TagRPC(context.Context, *RPCTagInfo) context.Context` method returns a
context from which the context used for the rest lifetime of the RPC will be
The `TagRPC(context.Context, *RPCTagInfo) context.Context` method returns a
context from which the context used for the rest lifetime of the RPC will be
derived. This behavior is consistent between the gRPC client and server.
The context returned from
The context returned from
`TagConn(context.Context, *ConnTagInfo) context.Context` has varied lifespan:
- In the gRPC client:
The context used for the rest lifetime of the RPC will NOT be derived from
this context. Hence the information attached to this context can only be
- In the gRPC client:
The context used for the rest lifetime of the RPC will NOT be derived from
this context. Hence the information attached to this context can only be
consumed by `HandleConn(context.Context, ConnStats)` method.
- In the gRPC server:
The context used for the rest lifetime of the RPC will be derived from
- In the gRPC server:
The context used for the rest lifetime of the RPC will be derived from
this context.
NOTE: The [stats](https://pkg.go.dev/google.golang.org/grpc/stats) package should only be used for network monitoring purposes,
NOTE: The [stats](https://pkg.go.dev/google.golang.org/grpc/stats) package should only be used for network monitoring purposes,
and not as an alternative to [interceptors](https://github.com/grpc/grpc-go/blob/master/examples/features/interceptor).

3
scripts/vet.sh
View File

@ -67,6 +67,9 @@ not git grep "\"github.com/golang/protobuf/*" -- "*.go" ':(exclude)reflection/te
# - Ensure all usages of grpc_testing package are renamed when importing.
not git grep "\(import \|^\s*\)\"google.golang.org/grpc/interop/grpc_testing" -- "*.go"
# - Ensure that no trailing spaces are found.
not git grep '[[:blank:]]$'
# - Ensure all xds proto imports are renamed to *pb or *grpc.
git grep '"github.com/envoyproxy/go-control-plane/envoy' -- '*.go' ':(exclude)*.pb.go' | not grep -v 'pb "\|grpc "'

8
security/advancedtls/examples/credential_reloading_from_files/README.md
View File

@ -1,15 +1,17 @@
# Credential Reloading From Files
Credential reloading is a feature supported in the advancedtls library.
Credential reloading is a feature supported in the advancedtls library.
A very common way to achieve this is to reload from files.
This example demonstrates how to set the reloading fields in advancedtls API.
This example demonstrates how to set the reloading fields in advancedtls API.
Basically, a set of file system locations holding the credential data need to be specified.
Once the credential data needs to be updated, users just change the credential data in the file system, and gRPC will pick up the changes automatically.
A couple of things to note:
1. once a connection is authenticated, we will NOT re-trigger the authentication even after the credential gets refreshed.
2. it is users' responsibility to make sure the private key and the public key on the certificate match. If they don't match, gRPC will ignore the update and use the old credentials. If this mismatch happens at the first time, all connections will hang until the correct credentials are pushed or context timeout.
2. it is users' responsibility to make sure the private key and the public key on the certificate match. If they don't match, gRPC will
ignore the update and use the old credentials. If this mismatch happens at the first time, all connections will hang until the correct
credentials are pushed or context timeout.
## Try it
In directory `security/advancedtls/examples`:

12
security/advancedtls/testdata/README.md vendored
View File

@ -6,7 +6,7 @@ How to Generate Test Certificates Using OpenSSL
-------------
Supposing we are going to create a `subject_cert.pem` that is trusted by `ca_cert.pem`, here are the
commands we run:
commands we run:
1. Generate the private key, `ca_key.pem`, and the cert `ca_cert.pem`, for the CA:
@ -14,12 +14,12 @@ commands we run:
$ openssl req -x509 -newkey rsa:4096 -keyout ca_key.pem -out ca_cert.pem -nodes -days $DURATION_DAYS
```
2. Generate a private key `subject_key.pem` for the subject:
2. Generate a private key `subject_key.pem` for the subject:
```
$ openssl genrsa -out subject_key.pem 4096
```
3. Generate a CSR `csr.pem` using `subject_key.pem`:
```
@ -32,7 +32,7 @@ commands we run:
```
4. Use `ca_key.pem` and `ca_cert.pem` to sign `csr.pem`, and get a certificate, `subject_cert.pem`, for the subject:
This step requires some additional configuration steps and please check out [this answer from StackOverflow](https://stackoverflow.com/a/21340898) for more.
```
@ -40,7 +40,7 @@ commands we run:
```
Please see an example configuration template at `openssl-ca.cnf`.
5. Verify the `subject_cert.pem` is trusted by `ca_cert.pem`:
```
$ openssl verify -verbose -CAfile ca_cert.pem subject_cert.pem

8
security/advancedtls/testdata/another_client_cert_1.pem vendored
View File

@ -49,14 +49,14 @@ Certificate:
55:60:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
X509v3 Subject Key Identifier:
D5:43:51:8B:A8:4C:84:D0:C8:DE:29:14:1B:15:7A:62:01:ED:FF:EC
X509v3 Authority Key Identifier:
X509v3 Authority Key Identifier:
keyid:B4:19:08:1C:FC:10:23:C5:30:86:22:BC:CB:B1:5F:AD:EA:7A:5D:F1
X509v3 Basic Constraints:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
X509v3 Key Usage:
Digital Signature, Key Encipherment
Signature Algorithm: sha256WithRSAEncryption
61:a0:89:19:3e:e8:3d:35:bf:6e:5d:0c:d0:ec:36:85:d4:27:

8
security/advancedtls/testdata/client_cert_1.pem vendored
View File

@ -49,14 +49,14 @@ Certificate:
10:5f:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
X509v3 Subject Key Identifier:
7F:9D:9C:C6:86:DF:9E:07:93:94:EF:18:2D:0A:0A:50:AA:1F:A2:B7
X509v3 Authority Key Identifier:
X509v3 Authority Key Identifier:
keyid:B4:19:08:1C:FC:10:23:C5:30:86:22:BC:CB:B1:5F:AD:EA:7A:5D:F1
X509v3 Basic Constraints:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
X509v3 Key Usage:
Digital Signature, Key Encipherment
Signature Algorithm: sha256WithRSAEncryption
31:b0:6d:25:5e:8e:9b:73:01:ac:08:b9:a6:70:8e:de:18:fd:

8
security/advancedtls/testdata/client_cert_2.pem vendored
View File

@ -49,14 +49,14 @@ Certificate:
f4:2a:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
X509v3 Subject Key Identifier:
E0:27:7D:90:FC:81:7F:F3:EE:97:CE:65:A2:AD:D2:1E:CC:D5:2B:0F
X509v3 Authority Key Identifier:
X509v3 Authority Key Identifier:
keyid:63:88:EA:4D:D0:3E:EF:5E:F8:43:91:75:40:E4:16:AB:15:B3:32:B9
X509v3 Basic Constraints:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
X509v3 Key Usage:
Digital Signature, Key Encipherment
Signature Algorithm: sha256WithRSAEncryption
8c:81:8f:65:38:2c:db:69:34:26:47:62:b7:5d:4e:67:41:c2:

28
security/advancedtls/testdata/crl/README.md vendored
View File

@ -49,7 +49,7 @@ Certificate chain where the leaf is revoked
## Test Data for testing CRL providers functionality
To generate test data please run provider_create.sh script. All the files have
To generate test data please run provider_create.sh script. All the files have
`provider_` prefix.
We need to generate the following artifacts for testing CRL provider:
@ -59,34 +59,34 @@ We need to generate the following artifacts for testing CRL provider:
* client cert signed by server CA
* empty crl file
* crl file containing information about revoked server cert
* crl file by 'malicious' CA which contains the same issuer with original CA
* crl file by 'malicious' CA which contains the same issuer with original CA
All the commands are provided in provider_create.sh script. Please find the
All the commands are provided in provider_create.sh script. Please find the
description below.
1. The first two commands generate self signed CAs for client and server:
- provider_server_trust_key.pem
- provider_server_trust_cert.pem
- provider_client_trust_key.pem
- provider_client_trust_cert.pem
- provider_server_trust_key.pem
- provider_server_trust_cert.pem
- provider_client_trust_key.pem
- provider_client_trust_cert.pem
2. Generate client and server certs signed by the CAs above:
- provider_server_cert.pem
- provider_server_cert.pem
- provider_client_cert.pem
3. The next 2 commands create 2 files needed for CRL issuing:
- provider_crlnumber.txt
- provider_index.txt
4. The next 3 commands generate an empty CRL file and a CRL file containing
4. The next 3 commands generate an empty CRL file and a CRL file containing
revoked server cert:
- provider_crl_empty.pem
- provider_crl_server_revoked.pem
- provider_crl_empty.pem
- provider_crl_server_revoked.pem
5. The final section contains commands to generate CRL file by 'malicious' CA.
Note that we use Subject Key Identifier from previously created
5. The final section contains commands to generate CRL file by 'malicious' CA.
Note that we use Subject Key Identifier from previously created
provider_client_trust_cert.pem to generate malicious certs / CRL.
- provider_malicious_client_trust_key.pem
- provider_malicious_client_trust_cert.pem
- provider_malicious_client_trust_cert.pem
- provider_malicious_crl_empty.pem

8
security/advancedtls/testdata/server_cert_1.pem vendored
View File

@ -49,14 +49,14 @@ Certificate:
17:b4:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
X509v3 Subject Key Identifier:
C0:82:DA:FA:69:46:30:AE:FF:6F:CD:BB:93:49:94:A6:D0:E2:17:EB
X509v3 Authority Key Identifier:
X509v3 Authority Key Identifier:
keyid:5A:A5:DA:B1:99:D4:E5:0E:E6:1E:94:EA:FF:FC:62:E2:ED:09:F1:06
X509v3 Basic Constraints:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
X509v3 Key Usage:
Digital Signature, Key Encipherment
Signature Algorithm: sha256WithRSAEncryption
36:fd:cf:ec:f5:20:4b:52:dc:2e:38:f3:92:b1:e4:b6:a1:06:

8
security/advancedtls/testdata/server_cert_1.txt vendored
View File

@ -49,14 +49,14 @@ Certificate:
17:b4:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
X509v3 Subject Key Identifier:
C0:82:DA:FA:69:46:30:AE:FF:6F:CD:BB:93:49:94:A6:D0:E2:17:EB
X509v3 Authority Key Identifier:
X509v3 Authority Key Identifier:
keyid:5A:A5:DA:B1:99:D4:E5:0E:E6:1E:94:EA:FF:FC:62:E2:ED:09:F1:06
X509v3 Basic Constraints:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
X509v3 Key Usage:
Digital Signature, Key Encipherment
Signature Algorithm: sha256WithRSAEncryption
36:fd:cf:ec:f5:20:4b:52:dc:2e:38:f3:92:b1:e4:b6:a1:06:

8
security/advancedtls/testdata/server_cert_2.pem vendored
View File

@ -49,14 +49,14 @@ Certificate:
52:25:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
X509v3 Subject Key Identifier:
74:BD:18:0B:32:AF:D0:51:8E:4C:4C:8D:B2:F6:4E:B8:6D:AB:BD:BA
X509v3 Authority Key Identifier:
X509v3 Authority Key Identifier:
keyid:01:74:A9:44:61:3D:7A:BB:C2:32:CD:D0:ED:20:DA:3A:C4:C6:02:E8
X509v3 Basic Constraints:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
X509v3 Key Usage:
Digital Signature, Key Encipherment
Signature Algorithm: sha256WithRSAEncryption
b5:63:0c:d8:ed:af:74:2d:4c:94:36:41:05:2a:f2:ef:45:e5:

9
security/advancedtls/testdata/server_cert_2.txt vendored
View File

@ -49,14 +49,14 @@ Certificate:
52:25:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
X509v3 Subject Key Identifier:
74:BD:18:0B:32:AF:D0:51:8E:4C:4C:8D:B2:F6:4E:B8:6D:AB:BD:BA
X509v3 Authority Key Identifier:
X509v3 Authority Key Identifier:
keyid:01:74:A9:44:61:3D:7A:BB:C2:32:CD:D0:ED:20:DA:3A:C4:C6:02:E8
X509v3 Basic Constraints:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
X509v3 Key Usage:
Digital Signature, Key Encipherment
Signature Algorithm: sha256WithRSAEncryption
b5:63:0c:d8:ed:af:74:2d:4c:94:36:41:05:2a:f2:ef:45:e5:
@ -88,4 +88,3 @@ Certificate:
1d:b5:cc:6f:14:21:c4:89:07:9b:81:1d:9a:79:ff:bf:fd:ce:
e4:77:11:0f:47:21:dc:d9:79:f3:40:26:56:5c:b4:86:32:8e:
28:b9:14:e7:b3:fe:86:47

8
security/advancedtls/testdata/server_cert_3.txt vendored
View File

@ -33,14 +33,14 @@ Certificate:
ac:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
X509v3 Authority Key Identifier:
keyid:6E:1B:8B:C9:34:74:E7:7B:8D:2A:4F:41:0E:98:50:30:14:01:16:B1
X509v3 Basic Constraints:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment
X509v3 Subject Alternative Name:
X509v3 Subject Alternative Name:
DNS:google.com, DNS:apple.com, DNS:amazon.com
Signature Algorithm: sha256WithRSAEncryption
9f:96:96:1c:41:cd:4c:39:9c:80:2d:b9:a0:4b:42:8f:e2:24:

10
security/advancedtls/testdata/server_cert_localhost_1.pem vendored
View File

@ -49,16 +49,16 @@ Certificate:
41:ba:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
X509v3 Subject Key Identifier:
F3:DC:6A:5B:B7:CE:E9:E1:4D:3E:C4:AE:B7:8E:39:E3:6D:CA:AF:C7
X509v3 Authority Key Identifier:
X509v3 Authority Key Identifier:
keyid:5A:A5:DA:B1:99:D4:E5:0E:E6:1E:94:EA:FF:FC:62:E2:ED:09:F1:06
X509v3 Basic Constraints:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Subject Alternative Name:
X509v3 Subject Alternative Name:
DNS:localhost
Signature Algorithm: sha256WithRSAEncryption
54:13:3d:55:d3:4b:d8:85:f0:54:a8:33:5c:a1:9f:87:79:31:

2
xds/internal/test/e2e/run.sh
View File

@ -3,4 +3,4 @@
mkdir binaries
go build -o ./binaries/client ../../../../interop/xds/client/
go build -o ./binaries/server ../../../../interop/xds/server/
go test .
go test .