Documentation ¶
Overview ¶
Package integration holds test-only code for running tests on an integrated system of the CT personality and a Trillian log.
Index ¶
- Constants
- Variables
- func CertsFromPEM(data []byte) []ct.ASN1Cert
- func GetChain(dir, path string) ([]ct.ASN1Cert, error)
- func HammerCTLog(ctx context.Context, cfg HammerConfig) error
- func MakeSigner(testDir string) (crypto.Signer, error)
- func NotAfterForLog(c *configpb.LogConfig) (time.Time, error)
- func RunCTIntegrationForLog(cfg *configpb.LogConfig, servers, metricsServers, testdir string, ...) error
- func RunCTLifecycleForLog(cfg *configpb.LogConfig, servers, metricsServers, adminServer string, ...) error
- type CTLogEnv
- type ChainGenerator
- func NewCopyChainGenerator(ctx context.Context, client *client.LogClient, cfg *configpb.LogConfig, ...) (ChainGenerator, error)
- func NewCopyChainGeneratorFromOpts(ctx context.Context, client *client.LogClient, cfg *configpb.LogConfig, ...) (ChainGenerator, error)
- func NewSyntheticChainGenerator(chain []ct.ASN1Cert, signer crypto.Signer, notAfter time.Time) (ChainGenerator, error)
- type Choice
- type ClientPool
- type CopyChainGenerator
- type CopyChainOptions
- type GeneratorFactory
- type HammerBias
- type HammerConfig
- type Limiter
- type RandomPool
- type SyntheticChainGenerator
Constants ¶
const ( ParamTooBig = Choice("ParamTooBig") Param2TooBig = Choice("Param2TooBig") ParamNegative = Choice("ParamNegative") ParamInvalid = Choice("ParamInvalid") ParamsInverted = Choice("ParamsInverted") InvalidBase64 = Choice("InvalidBase64") EmptyChain = Choice("EmptyChain") CertNotPrecert = Choice("CertNotPrecert") PrecertNotCert = Choice("PrecertNotCert") NoChainToRoot = Choice("NoChainToRoot") UnparsableCert = Choice("UnparsableCert") NewCert = Choice("NewCert") LastCert = Choice("LastCert") FirstCert = Choice("FirstCert") )
Constants for per-operation choices.
Variables ¶
var DefaultTransport = &http.Transport{ Proxy: http.ProxyFromEnvironment, DialContext: (&net.Dialer{ Timeout: 30 * time.Second, KeepAlive: 30 * time.Second, }).DialContext, MaxIdleConns: 1000, MaxIdleConnsPerHost: 1000, IdleConnTimeout: 90 * time.Second, TLSHandshakeTimeout: 10 * time.Second, ExpectContinueTimeout: 1 * time.Second, }
DefaultTransport is a http Transport more suited for use in the hammer context. In particular it increases the number of reusable connections to the same host. This helps to prevent starvation of ports through TIME_WAIT when using the hammer with a high number of parallel chain submissions.
Functions ¶
func CertsFromPEM ¶
CertsFromPEM loads X.509 certificates from the provided PEM-encoded data.
func HammerCTLog ¶
func HammerCTLog(ctx context.Context, cfg HammerConfig) error
HammerCTLog performs load/stress operations according to given config.
func MakeSigner ¶
MakeSigner creates a signer using the private key in the test directory.
func NotAfterForLog ¶
NotAfterForLog returns a NotAfter time to be used for certs submitted to the given log instance, allowing for any temporal shard configuration.
func RunCTIntegrationForLog ¶
func RunCTIntegrationForLog(cfg *configpb.LogConfig, servers, metricsServers, testdir string, mmd time.Duration, stats *logStats) error
RunCTIntegrationForLog tests against the log with configuration cfg, with a set of comma-separated server addresses given by servers, assuming that testdir holds a variety of test data files. nolint: gocyclo
func RunCTLifecycleForLog ¶
func RunCTLifecycleForLog(cfg *configpb.LogConfig, servers, metricsServers, adminServer string, testDir string, mmd time.Duration, stats *logStats) error
RunCTLifecycleForLog does a simple log lifecycle test. The log is assumed to be newly created when this test runs. A random number of entries are then submitted to build up a queue. The log is set to DRAINING state and the test checks that all the entries are integrated into the tree and we can verify a consistency proof to the latest entry.
Types ¶
type CTLogEnv ¶
type CTLogEnv struct { CTAddr string // contains filtered or unexported fields }
CTLogEnv is a test environment that contains both a log server and a CT personality connected to it.
func NewCTLogEnv ¶
func NewCTLogEnv(ctx context.Context, cfgs []*configpb.LogConfig, numSequencers int, testID string) (*CTLogEnv, error)
NewCTLogEnv creates a fresh DB, log server, and CT personality. testID should be unique to each unittest package so as to allow parallel tests. Created logIDs will be set to cfgs.
type ChainGenerator ¶
type ChainGenerator interface { // CertChain generates a certificate chain. CertChain() ([]ct.ASN1Cert, error) // PreCertChain generates a precertificate chain, and also returns the leaf TBS data PreCertChain() ([]ct.ASN1Cert, []byte, error) }
ChainGenerator encapsulates objects that can generate certificate chains for testing.
func NewCopyChainGenerator ¶
func NewCopyChainGenerator(ctx context.Context, client *client.LogClient, cfg *configpb.LogConfig, startIndex int64, bufSize int) (ChainGenerator, error)
NewCopyChainGenerator builds a certificate chain generator that sources chains from another source log, starting at startIndex (or a random index in the current tree size if startIndex is negative). This function starts background goroutines that scan the log; cancelling the context will terminate these goroutines (after that the [Pre]CertChain() entrypoints will permanently fail).
func NewCopyChainGeneratorFromOpts ¶
func NewCopyChainGeneratorFromOpts(ctx context.Context, client *client.LogClient, cfg *configpb.LogConfig, opts CopyChainOptions) (ChainGenerator, error)
NewCopyChainGeneratorFromOpts builds a certificate chain generator that sources chains from another source log, starting at opts.StartIndex (or a random index in the current tree size if this is negative). This function starts background goroutines that scan the log; cancelling the context will terminate these goroutines (after that the [Pre]CertChain() entrypoints will permanently fail).
func NewSyntheticChainGenerator ¶
func NewSyntheticChainGenerator(chain []ct.ASN1Cert, signer crypto.Signer, notAfter time.Time) (ChainGenerator, error)
NewSyntheticChainGenerator returns a ChainGenerator that mints synthetic certificates based on the given template chain. The provided signer should match the public key of the first issuer cert.
type ClientPool ¶
type ClientPool interface { // Next returns the next LogClient instance to be used. Next() *client.LogClient }
ClientPool describes an entity which produces LogClient instances.
func NewRandomPool ¶
NewRandomPool creates a pool which returns a random client from list of servers.
type CopyChainGenerator ¶
type CopyChainGenerator struct {
// contains filtered or unexported fields
}
CopyChainGenerator creates certificate chains by copying suitable examples from a source log.
func (*CopyChainGenerator) CertChain ¶
func (g *CopyChainGenerator) CertChain() ([]ct.ASN1Cert, error)
CertChain returns a new cert chain taken from the source log. This may block until a suitable cert has been discovered in the source log.
func (*CopyChainGenerator) PreCertChain ¶
func (g *CopyChainGenerator) PreCertChain() ([]ct.ASN1Cert, []byte, error)
PreCertChain returns a new precert chain taken from the source log. This may block until a suitable precert has been discovered in the source log.
type CopyChainOptions ¶
type CopyChainOptions struct { // StartIndex indicates where to start scanning; negative value implies starting from a random position. StartIndex int64 // BufSize is the number of buffered chains to hold. BufSize int // BatchSize indicates how many entries should be requested from the source log at a time. BatchSize int // ParallelFetch indicates how many parallel entry fetchers to run. ParallelFetch int }
CopyChainOptions describes the parameters for a CopyChainGenerator instance.
type GeneratorFactory ¶
type GeneratorFactory func(c *configpb.LogConfig) (ChainGenerator, error)
GeneratorFactory is a method that builds a Log-specific ChainGenerator.
func SyntheticGeneratorFactory ¶
func SyntheticGeneratorFactory(testDir, leafNotAfter string) (GeneratorFactory, error)
SyntheticGeneratorFactory returns a function that creates per-Log ChainGenerator instances that create synthetic certificates (details of which are specified by the arguments).
type HammerBias ¶
type HammerBias struct { Bias map[ctfe.EntrypointName]int // InvalidChance gives the odds of performing an invalid operation, as the N in 1-in-N. InvalidChance map[ctfe.EntrypointName]int // contains filtered or unexported fields }
HammerBias indicates the bias for selecting different log operations.
func (HammerBias) Choose ¶
func (hb HammerBias) Choose() ctfe.EntrypointName
Choose randomly picks an operation to perform according to the biases.
func (HammerBias) Invalid ¶
func (hb HammerBias) Invalid(ep ctfe.EntrypointName) bool
Invalid randomly chooses whether an operation should be invalid.
type HammerConfig ¶
type HammerConfig struct { // Configuration for the log. LogCfg *configpb.LogConfig // How to create process-wide metrics. MetricFactory monitoring.MetricFactory // Maximum merge delay. MMD time.Duration // Certificate chain generator. ChainGenerator ChainGenerator // ClientPool provides the clients used to make requests. ClientPool ClientPool // Bias values to favor particular log operations. EPBias HammerBias // Range of how many entries to get. MinGetEntries, MaxGetEntries int // OversizedGetEntries governs whether get-entries requests that go beyond the // current tree size are allowed (with a truncated response expected). OversizedGetEntries bool // Number of operations to perform. Operations uint64 // Rate limiter Limiter Limiter // MaxParallelChains sets the upper limit for the number of parallel // add-*-chain requests to make when the biasing model says to perform an add. MaxParallelChains int // EmitInterval defines how frequently stats are logged. EmitInterval time.Duration // IgnoreErrors controls whether a hammer run fails immediately on any error. IgnoreErrors bool // MaxRetryDuration governs how long to keep retrying when IgnoreErrors is true. MaxRetryDuration time.Duration // RequestDeadline indicates the deadline to set on each request to the log. RequestDeadline time.Duration // DuplicateChance sets the probability of attempting to add a duplicate when // calling add[-pre]-chain (as the N in 1-in-N). Set to 0 to disable sending // duplicates. DuplicateChance int // StrictSTHConsistencySize if set to true will cause Hammer to only request // STH consistency proofs between tree sizes for which it's seen valid STHs. // If set to false, Hammer will request a consistency proof between the // current tree size, and a random smaller size greater than zero. StrictSTHConsistencySize bool }
HammerConfig provides configuration for a stress/load test.
type RandomPool ¶
RandomPool holds a collection of CT LogClient instances.
func (RandomPool) Next ¶
func (p RandomPool) Next() *client.LogClient
Next picks a random client from the pool.
type SyntheticChainGenerator ¶
type SyntheticChainGenerator struct {
// contains filtered or unexported fields
}
SyntheticChainGenerator builds synthetic certificate chains based on a template chain and intermediate CA private key.
func (*SyntheticChainGenerator) CertChain ¶
func (g *SyntheticChainGenerator) CertChain() ([]ct.ASN1Cert, error)
CertChain builds a new synthetic chain with a fresh leaf cert, changing SubjectKeyId and re-signing.
func (*SyntheticChainGenerator) PreCertChain ¶
func (g *SyntheticChainGenerator) PreCertChain() ([]ct.ASN1Cert, []byte, error)
PreCertChain builds a new synthetic precert chain; also returns the leaf TBS data.