fixed another set of static errors

openconfig · Dec 5, 2024 · f3ffb97 · f3ffb97
1 parent c09063b
commit f3ffb97
Show file tree

Hide file tree

Showing 2 changed files with 96 additions and 47 deletions.
diff --git a/feature/security/gnsi/certz/tests/client_certificates/client_certificates_test.go b/feature/security/gnsi/certz/tests/client_certificates/client_certificates_test.go
@@ -39,7 +39,8 @@ var (
 	serverAddr      string
 	username        = "certzuser"
 	password        = "certzpasswd"
-	expected_result bool
+	expectedresult bool
+	//pkcs7flag       bool
 )
 
 // createUser function to add an user in admin role.
@@ -112,7 +113,7 @@ func TestClientCert(t *testing.T) {
 			serverCertFile:  dirPath + "ca-01/server-rsa-a-cert.pem",
 			serverKeyFile:   dirPath + "ca-01/server-rsa-a-key.pem",
 			trustBundleFile: dirPath + "ca-01/trust_bundle_01_rsa.pem",
-			p7btrustBundle:  dirPath + "ca-01/ca-01/trust_bundle_01_rsa.p7b",
+			p7btrustBundle:  dirPath + "ca-01/trust_bundle_01_rsa.p7b",
 			clientCertFile:  dirPath + "ca-01/client-rsa-a-cert.pem",
 			clientKeyFile:   dirPath + "ca-01/client-rsa-a-key.pem",
 		},
@@ -208,6 +209,8 @@ func TestClientCert(t *testing.T) {
 				ServerCertFile: tc.serverCertFile,
 				ServerKeyFile:  tc.serverKeyFile})
 			serverCertEntity := setupService.CreateCertzEntity(t, setupService.EntityTypeCertificateChain, &serverCert, "cert1")
+			//Enable pkcs7 to true for new certz proto and
+			//trustCertChain := setupService.CreateCertChainFromp7bTrustBundle(tc.p7btrustBundle)
 			trustCertChain := setupService.CreateCertChainFromTrustBundle(tc.trustBundleFile)
 			trustBundleEntity := setupService.CreateCertzEntity(t, setupService.EntityTypeTrustBundle, trustCertChain, "bundle1")
 			cert, err := tls.LoadX509KeyPair(tc.clientCertFile, tc.clientKeyFile)
@@ -225,29 +228,29 @@ func TestClientCert(t *testing.T) {
 
 			switch tc.mismatch {
 			case true:
-				expected_result = false
-				success := setupService.CertzRotate(t, cacert, certzClient, cert, ctx, dut, san, serverAddr, testProfile, &serverCertEntity, &trustBundleEntity)
+				expectedresult = false
+				success := setupService.CertzRotate(ctx, t, cacert, certzClient, cert, dut, san, serverAddr, testProfile, &serverCertEntity, &trustBundleEntity)
 				if success {
 					t.Fatalf("%s:Certz rotation failed.", tc.desc)
 				}
 				t.Logf("%s:Mismatch certz rotation failed as expected before finalize!", tc.desc)
 				t.Run("Verification of new connection with mismatch rotate of trustbundle.", func(t *testing.T) {
-					result := setupService.PostValidationCheck(t, cacert, expected_result, san, serverAddr, username, password, cert)
+					result := setupService.PostValidationCheck(t, cacert, expectedresult, san, serverAddr, username, password, cert)
 					if !result {
 						t.Fatalf("%s :postTestcase service validation failed after rotate- got %v, want %v", tc.desc, result, false)
 					}
 					t.Logf("%s postTestcase service validation done!", tc.desc)
 				})
 			case false:
-				expected_result = true
-				success := setupService.CertzRotate(t, cacert, certzClient, cert, ctx, dut, san, serverAddr, testProfile, &serverCertEntity, &trustBundleEntity)
+				expectedresult = true
+				success := setupService.CertzRotate(ctx, t, cacert, certzClient, cert, dut, san, serverAddr, testProfile, &serverCertEntity, &trustBundleEntity)
 				if !success {
 					t.Fatalf("%s:Certz rotation failed.", tc.desc)
 				}
 				t.Logf("%s:successfully completed certz rotation!", tc.desc)
 				// Verification check of the new connection post rotation.
 				t.Run("Verification of new connection after rotate ", func(t *testing.T) {
-					result := setupService.PostValidationCheck(t, cacert, expected_result, san, serverAddr, username, password, cert)
+					result := setupService.PostValidationCheck(t, cacert, expectedresult, san, serverAddr, username, password, cert)
 					if !result {
 						t.Fatalf("%s :postTestcase service validation failed after rotate- got %v, want %v", tc.desc, result, true)
 					}

diff --git a/feature/security/gnsi/certz/tests/internal/setup_service/setup_service.go b/feature/security/gnsi/certz/tests/internal/setup_service/setup_service.go
@@ -55,7 +55,7 @@ type rpcCredentials struct {
 	*creds.UserPass
 }
 
-func (r *rpcCredentials) GetRequestMetadata(ctx context.Context, uri ...string) (map[string]string, error) {
+func (r *rpcCredentials) GetRequestMetadata(_ context.Context, _ ...string) (map[string]string, error) {
 	return map[string]string{
 		"username": r.UserPass.Username,
 		"password": r.UserPass.Password,
@@ -203,32 +203,79 @@ func CreateCertChainFromTrustBundle(fileName string) *certzpb.CertificateChain {
 	//a valid check for trust not empty
 	if len(trust) == 0 {
 		return &certzpb.CertificateChain{}
-	} else {
-		var prevCert *certzpb.CertificateChain
-		var bundleToReturn *certzpb.CertificateChain
-		for i := len(trust) - 1; i >= 0; i-- {
-			if i == len(trust)-1 {
-				bundleToReturn = &certzpb.CertificateChain{Certificate: &certzpb.Certificate{
-					Type:        certzpb.CertificateType_CERTIFICATE_TYPE_X509,
-					Encoding:    certzpb.CertificateEncoding_CERTIFICATE_ENCODING_PEM,
-					Certificate: trust[i],
-				}, Parent: nil}
-				prevCert = bundleToReturn
-			} else {
-				prevCert = bundleToReturn
-				bundleToReturn = &certzpb.CertificateChain{Certificate: &certzpb.Certificate{
-					Type:        certzpb.CertificateType_CERTIFICATE_TYPE_X509,
-					Encoding:    certzpb.CertificateEncoding_CERTIFICATE_ENCODING_PEM,
-					Certificate: trust[i],
-				}, Parent: prevCert}
-			}
+	}
+	var prevCert *certzpb.CertificateChain
+	var bundleToReturn *certzpb.CertificateChain
+	for i := len(trust) - 1; i >= 0; i-- {
+		if i == len(trust)-1 {
+			bundleToReturn = &certzpb.CertificateChain{Certificate: &certzpb.Certificate{
+				Type:        certzpb.CertificateType_CERTIFICATE_TYPE_X509,
+				Encoding:    certzpb.CertificateEncoding_CERTIFICATE_ENCODING_PEM,
+				Certificate: trust[i],
+			}, Parent: nil}
+			prevCert = bundleToReturn
+		} else {
+			prevCert = bundleToReturn
+			bundleToReturn = &certzpb.CertificateChain{Certificate: &certzpb.Certificate{
+				Type:        certzpb.CertificateType_CERTIFICATE_TYPE_X509,
+				Encoding:    certzpb.CertificateEncoding_CERTIFICATE_ENCODING_PEM,
+				Certificate: trust[i],
+			}, Parent: prevCert}
+		}
+	}
+	return bundleToReturn
+}
+
+// CreateCertChainFrom p7b TrustBundle function to create the certificate chain from trust bundle.
+func CreateCertChainFromp7bTrustBundle(fileName string) *certzpb.CertificateChain {
+	pemData, err := os.ReadFile(fileName)
+	if err != nil {
+		return &certzpb.CertificateChain{}
+	}
+	var trust [][]byte
+	for {
+		var block *pem.Block
+		block, pemData = pem.Decode(pemData)
+		if block == nil {
+			break
+		}
+		if block.Type != "CERTIFICATE" {
+			continue
+		}
+		p := pem.EncodeToMemory(block)
+		if p == nil {
+			return &certzpb.CertificateChain{}
+		}
+		trust = append(trust, p)
+	}
+	//a valid check for trust not empty
+	if len(trust) == 0 {
+		return &certzpb.CertificateChain{}
+	}
+	var prevCert *certzpb.CertificateChain
+	var bundleToReturn *certzpb.CertificateChain
+	for i := len(trust) - 1; i >= 0; i-- {
+		if i == len(trust)-1 {
+			bundleToReturn = &certzpb.CertificateChain{Certificate: &certzpb.Certificate{
+				Type:        certzpb.CertificateType_CERTIFICATE_TYPE_X509,
+				Encoding:    certzpb.CertificateEncoding_CERTIFICATE_ENCODING_PEM,
+				Certificate: trust[i],
+			}, Parent: nil}
+			prevCert = bundleToReturn
+		} else {
+			prevCert = bundleToReturn
+			bundleToReturn = &certzpb.CertificateChain{Certificate: &certzpb.Certificate{
+				Type:        certzpb.CertificateType_CERTIFICATE_TYPE_X509,
+				Encoding:    certzpb.CertificateEncoding_CERTIFICATE_ENCODING_PEM,
+				Certificate: trust[i],
+			}, Parent: prevCert}
 		}
-		return bundleToReturn
 	}
+	return bundleToReturn
 }
 
 // CertzRotate function to request the server certificate rotation and returns true on successful rotation.
-func CertzRotate(t *testing.T, caCert *x509.CertPool, certzClient certzpb.CertzClient, cert tls.Certificate, ctx context.Context, dut *ondatra.DUTDevice, san, serverAddr, profileID string, entities ...*certzpb.Entity) bool {
+func CertzRotate(_ context.Context, t *testing.T, caCert *x509.CertPool, certzClient certzpb.CertzClient, cert tls.Certificate, dut *ondatra.DUTDevice, san, serverAddr, profileID string, entities ...*certzpb.Entity) bool {
 	if len(entities) == 0 {
 		t.Logf("At least one entity required for Rotate request.")
 		return false
@@ -286,26 +333,25 @@ func CertzRotate(t *testing.T, caCert *x509.CertPool, certzClient certzpb.CertzC
 		}
 		time.Sleep(10 * time.Second)
 	}
-	if success {
-		finalizeRequest := &certzpb.RotateCertificateRequest_FinalizeRotation{FinalizeRotation: &certzpb.FinalizeRequest{}}
-		rotateCertRequest = &certzpb.RotateCertificateRequest{
-			ForceOverwrite: false,
-			SslProfileId:   profileID,
-			RotateRequest:  finalizeRequest}
-
-		err = rotateRequestClient.Send(rotateCertRequest)
-		if err != nil {
-			t.Fatalf("Error sending rotate finalize request: %v", err)
-		}
-		err = rotateRequestClient.CloseSend()
-		if err != nil {
-			t.Fatalf("Error sending rotate close send request: %v", err)
-		}
-		return true
-	} else {
+	if !success {
 		t.Logf("gNSI service RPC  did not succeed ~%d*10s after rotate. Certz/Rotate failed. FinalizeRequest will not be sent", retries)
 		return false
 	}
+	finalizeRequest := &certzpb.RotateCertificateRequest_FinalizeRotation{FinalizeRotation: &certzpb.FinalizeRequest{}}
+	rotateCertRequest = &certzpb.RotateCertificateRequest{
+		ForceOverwrite: false,
+		SslProfileId:   profileID,
+		RotateRequest:  finalizeRequest}
+
+	err = rotateRequestClient.Send(rotateCertRequest)
+	if err != nil {
+		t.Fatalf("Error sending rotate finalize request: %v", err)
+	}
+	err = rotateRequestClient.CloseSend()
+	if err != nil {
+		t.Fatalf("Error sending rotate close send request: %v", err)
+	}
+	return true
 }
 
 // CertGeneration function to create test data for use in TLS tests.