mirrors/lnd
1
0
Fork 0
mirror of https://github.com/lightningnetwork/lnd.git synced 2025-03-04 09:48:19 +01:00
Code Issues Projects Releases Wiki Activity

lnd_test: remove TLSAutoRegeneration test

Browse source
This commit is contained in:
Turtle 2019-06-23 00:05:20 -04:00
parent 93aad89f4c
commit 24ca95ab10
1 changed files with 0 additions and 139 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

139
lntest/itest/lnd_test.go
View file

@ -4,21 +4,13 @@ package itest
import ( import (
"bytes" "bytes"
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rand" "crypto/rand"
"crypto/sha256" "crypto/sha256"
"crypto/tls"
"crypto/x509"
"crypto/x509/pkix"
"encoding/hex" "encoding/hex"
"encoding/pem"
"fmt" "fmt"
"io" "io"
"io/ioutil" "io/ioutil"
"math" "math"
"math/big"
"net"
"os" "os"
"path/filepath" "path/filepath"
"reflect" "reflect"
@ -13880,133 +13872,6 @@ func testHoldInvoicePersistence(net *lntest.NetworkHarness, t *harnessTest) {
} }
} }
// testTLSAutoRegeneration creates an expired TLS certificate, to test that a
// new TLS certificate pair is regenerated when the old pair expires. This is
// necessary because the pair expires after a little over a year.
func testTLSAutoRegeneration(lnNet *lntest.NetworkHarness, t *harnessTest) {
certPath := lnNet.Alice.TLSCertStr()
keyPath := lnNet.Alice.TLSKeyStr()
// Create an expired certificate.
expiredCert := genExpiredCertPair(
t, lnNet, certPath, keyPath,
)
// Restart the node to test that the cert is automatically regenerated.
lnNet.RestartNode(lnNet.Alice, nil, nil)
// Grab the newly generated certificate.
newCertData, err := tls.LoadX509KeyPair(certPath, keyPath)
if err != nil {
t.Fatalf("couldn't grab new certificate")
}
newCert, err := x509.ParseCertificate(newCertData.Certificate[0])
if err != nil {
t.Fatalf("couldn't parse new certificate")
}
// Check that the expired certificate was successfully deleted and
// replaced with a new one.
if !newCert.NotAfter.After(expiredCert.NotAfter) {
t.Fatalf("New certificate expiration is too old")
}
}
// genExpiredCertPair generates an expired key/cert pair to the paths
// provided to test that expired certificates are being regenerated correctly.
func genExpiredCertPair(t *harnessTest, lnNet *lntest.NetworkHarness, certPath,
keyPath string) *x509.Certificate {
// Max serial number.
serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
// Generate a serial number that's below the serialNumberLimit.
serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
if err != nil {
t.Fatalf("failed to generate serial number: %s", err)
}
host := "lightning"
// Create a simple ip address for the fake certificate.
ipAddresses := []net.IP{net.ParseIP("127.0.0.1"), net.ParseIP("::1")}
dnsNames := []string{host, "unix", "unixpacket"}
// Construct the certificate template.
template := x509.Certificate{
SerialNumber: serialNumber,
Subject: pkix.Name{
Organization: []string{"lnd autogenerated cert"},
CommonName: host,
},
NotBefore: time.Now().Add(-time.Hour * 24),
NotAfter: time.Now(),
KeyUsage: x509.KeyUsageKeyEncipherment |
x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
IsCA: true, // so can sign self.
BasicConstraintsValid: true,
DNSNames: dnsNames,
IPAddresses: ipAddresses,
}
// Generate a private key for the certificate.
priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
if err != nil {
t.Fatalf("failed to generate a private key")
}
derBytes, err := x509.CreateCertificate(
rand.Reader, &template, &template, &priv.PublicKey, priv)
if err != nil {
t.Fatalf("failed to create certificate: %v", err)
}
expiredCert, err := x509.ParseCertificate(derBytes)
if err != nil {
t.Fatalf("failed to parse certificate: %v", err)
}
certBuf := bytes.Buffer{}
err = pem.Encode(
&certBuf, &pem.Block{
Type: "CERTIFICATE",
Bytes: derBytes,
},
)
if err != nil {
t.Fatalf("failed to encode certificate: %v", err)
}
keybytes, err := x509.MarshalECPrivateKey(priv)
if err != nil {
t.Fatalf("unable to encode privkey: %v", err)
}
keyBuf := bytes.Buffer{}
err = pem.Encode(
&keyBuf, &pem.Block{
Type: "EC PRIVATE KEY",
Bytes: keybytes,
},
)
if err != nil {
t.Fatalf("failed to encode private key: %v", err)
}
// Write cert and key files.
if err = ioutil.WriteFile(certPath, certBuf.Bytes(), 0644); err != nil {
t.Fatalf("failed to write cert file: %v", err)
}
if err = ioutil.WriteFile(keyPath, keyBuf.Bytes(), 0600); err != nil {
os.Remove(certPath)
t.Fatalf("failed to write key file: %v", err)
}
return expiredCert
}
type testCase struct { type testCase struct {
name string name string
test func(net *lntest.NetworkHarness, t *harnessTest) test func(net *lntest.NetworkHarness, t *harnessTest)
@ -14258,10 +14123,6 @@ var testsCases = []*testCase{
name: "cpfp", name: "cpfp",
test: testCPFP, test: testCPFP,
}, },
{
name: "automatic certificate regeneration",
test: testTLSAutoRegeneration,
},
} }
// TestLightningNetworkDaemon performs a series of integration tests amongst a // TestLightningNetworkDaemon performs a series of integration tests amongst a