integration

package
v0.0.0-...-f9def7f Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 13, 2024 License: Apache-2.0 Imports: 51 Imported by: 0

Documentation

Overview

Package integration holds test-only code for running tests on an integrated system of the CT personality and a Trillian log.

Index

Constants

View Source
const (
	ParamTooBig    = Choice("ParamTooBig")
	Param2TooBig   = Choice("Param2TooBig")
	ParamNegative  = Choice("ParamNegative")
	ParamInvalid   = Choice("ParamInvalid")
	ParamsInverted = Choice("ParamsInverted")
	InvalidBase64  = Choice("InvalidBase64")
	EmptyChain     = Choice("EmptyChain")
	CertNotPrecert = Choice("CertNotPrecert")
	PrecertNotCert = Choice("PrecertNotCert")
	NoChainToRoot  = Choice("NoChainToRoot")
	UnparsableCert = Choice("UnparsableCert")
	NewCert        = Choice("NewCert")
	LastCert       = Choice("LastCert")
	FirstCert      = Choice("FirstCert")
)

Constants for per-operation choices.

Variables

View Source
var DefaultTransport = &http.Transport{
	Proxy: http.ProxyFromEnvironment,
	DialContext: (&net.Dialer{
		Timeout:   30 * time.Second,
		KeepAlive: 30 * time.Second,
	}).DialContext,
	MaxIdleConns:          1000,
	MaxIdleConnsPerHost:   1000,
	IdleConnTimeout:       90 * time.Second,
	TLSHandshakeTimeout:   10 * time.Second,
	ExpectContinueTimeout: 1 * time.Second,
}

DefaultTransport is a http Transport more suited for use in the hammer context. In particular it increases the number of reusable connections to the same host. This helps to prevent starvation of ports through TIME_WAIT when using the hammer with a high number of parallel chain submissions.

Functions

func CertsFromPEM

func CertsFromPEM(data []byte) []ct.ASN1Cert

CertsFromPEM loads X.509 certificates from the provided PEM-encoded data.

func GetChain

func GetChain(dir, path string) ([]ct.ASN1Cert, error)

GetChain retrieves a certificate from a file of the given name and directory.

func HammerCTLog

func HammerCTLog(ctx context.Context, cfg HammerConfig) error

HammerCTLog performs load/stress operations according to given config.

func MakeSigner

func MakeSigner(testDir string) (crypto.Signer, error)

MakeSigner creates a signer using the private key in the test directory.

func NotAfterForLog

func NotAfterForLog(c *configpb.LogConfig) (time.Time, error)

NotAfterForLog returns a NotAfter time to be used for certs submitted to the given log instance, allowing for any temporal shard configuration.

func RunCTIntegrationForLog

func RunCTIntegrationForLog(cfg *configpb.LogConfig, servers, metricsServers, testdir string, mmd time.Duration, stats *logStats) error

RunCTIntegrationForLog tests against the log with configuration cfg, with a set of comma-separated server addresses given by servers, assuming that testdir holds a variety of test data files. nolint: gocyclo

func RunCTLifecycleForLog

func RunCTLifecycleForLog(cfg *configpb.LogConfig, servers, metricsServers, adminServer string, testDir string, mmd time.Duration, stats *logStats) error

RunCTLifecycleForLog does a simple log lifecycle test. The log is assumed to be newly created when this test runs. A random number of entries are then submitted to build up a queue. The log is set to DRAINING state and the test checks that all the entries are integrated into the tree and we can verify a consistency proof to the latest entry.

Types

type CTLogEnv

type CTLogEnv struct {
	CTAddr string
	// contains filtered or unexported fields
}

CTLogEnv is a test environment that contains both a log server and a CT personality connected to it.

func NewCTLogEnv

func NewCTLogEnv(ctx context.Context, cfgs []*configpb.LogConfig, numSequencers int, testID string) (*CTLogEnv, error)

NewCTLogEnv creates a fresh DB, log server, and CT personality. testID should be unique to each unittest package so as to allow parallel tests. Created logIDs will be set to cfgs.

func (*CTLogEnv) Close

func (env *CTLogEnv) Close()

Close shuts down the servers.

type ChainGenerator

type ChainGenerator interface {
	// CertChain generates a certificate chain.
	CertChain() ([]ct.ASN1Cert, error)
	// PreCertChain generates a precertificate chain, and also returns the leaf TBS data
	PreCertChain() ([]ct.ASN1Cert, []byte, error)
}

ChainGenerator encapsulates objects that can generate certificate chains for testing.

func NewCopyChainGenerator

func NewCopyChainGenerator(ctx context.Context, client *client.LogClient, cfg *configpb.LogConfig, startIndex int64, bufSize int) (ChainGenerator, error)

NewCopyChainGenerator builds a certificate chain generator that sources chains from another source log, starting at startIndex (or a random index in the current tree size if startIndex is negative). This function starts background goroutines that scan the log; cancelling the context will terminate these goroutines (after that the [Pre]CertChain() entrypoints will permanently fail).

func NewCopyChainGeneratorFromOpts

func NewCopyChainGeneratorFromOpts(ctx context.Context, client *client.LogClient, cfg *configpb.LogConfig, opts CopyChainOptions) (ChainGenerator, error)

NewCopyChainGeneratorFromOpts builds a certificate chain generator that sources chains from another source log, starting at opts.StartIndex (or a random index in the current tree size if this is negative). This function starts background goroutines that scan the log; cancelling the context will terminate these goroutines (after that the [Pre]CertChain() entrypoints will permanently fail).

func NewSyntheticChainGenerator

func NewSyntheticChainGenerator(chain []ct.ASN1Cert, signer crypto.Signer, notAfter time.Time) (ChainGenerator, error)

NewSyntheticChainGenerator returns a ChainGenerator that mints synthetic certificates based on the given template chain. The provided signer should match the public key of the first issuer cert.

type Choice

type Choice string

Choice represents a random decision about a hammer operation.

type ClientPool

type ClientPool interface {
	// Next returns the next LogClient instance to be used.
	Next() *client.LogClient
}

ClientPool describes an entity which produces LogClient instances.

func NewRandomPool

func NewRandomPool(servers string, pubKey *keyspb.PublicKey, prefix string) (ClientPool, error)

NewRandomPool creates a pool which returns a random client from list of servers.

type CopyChainGenerator

type CopyChainGenerator struct {
	// contains filtered or unexported fields
}

CopyChainGenerator creates certificate chains by copying suitable examples from a source log.

func (*CopyChainGenerator) CertChain

func (g *CopyChainGenerator) CertChain() ([]ct.ASN1Cert, error)

CertChain returns a new cert chain taken from the source log. This may block until a suitable cert has been discovered in the source log.

func (*CopyChainGenerator) PreCertChain

func (g *CopyChainGenerator) PreCertChain() ([]ct.ASN1Cert, []byte, error)

PreCertChain returns a new precert chain taken from the source log. This may block until a suitable precert has been discovered in the source log.

type CopyChainOptions

type CopyChainOptions struct {
	// StartIndex indicates where to start scanning; negative value implies starting from a random position.
	StartIndex int64
	// BufSize is the number of buffered chains to hold.
	BufSize int
	// BatchSize indicates how many entries should be requested from the source log at a time.
	BatchSize int
	// ParallelFetch indicates how many parallel entry fetchers to run.
	ParallelFetch int
}

CopyChainOptions describes the parameters for a CopyChainGenerator instance.

type GeneratorFactory

type GeneratorFactory func(c *configpb.LogConfig) (ChainGenerator, error)

GeneratorFactory is a method that builds a Log-specific ChainGenerator.

func SyntheticGeneratorFactory

func SyntheticGeneratorFactory(testDir, leafNotAfter string) (GeneratorFactory, error)

SyntheticGeneratorFactory returns a function that creates per-Log ChainGenerator instances that create synthetic certificates (details of which are specified by the arguments).

type HammerBias

type HammerBias struct {
	Bias map[ctfe.EntrypointName]int

	// InvalidChance gives the odds of performing an invalid operation, as the N in 1-in-N.
	InvalidChance map[ctfe.EntrypointName]int
	// contains filtered or unexported fields
}

HammerBias indicates the bias for selecting different log operations.

func (HammerBias) Choose

func (hb HammerBias) Choose() ctfe.EntrypointName

Choose randomly picks an operation to perform according to the biases.

func (HammerBias) Invalid

func (hb HammerBias) Invalid(ep ctfe.EntrypointName) bool

Invalid randomly chooses whether an operation should be invalid.

type HammerConfig

type HammerConfig struct {
	// Configuration for the log.
	LogCfg *configpb.LogConfig
	// How to create process-wide metrics.
	MetricFactory monitoring.MetricFactory
	// Maximum merge delay.
	MMD time.Duration
	// Certificate chain generator.
	ChainGenerator ChainGenerator
	// ClientPool provides the clients used to make requests.
	ClientPool ClientPool
	// Bias values to favor particular log operations.
	EPBias HammerBias
	// Range of how many entries to get.
	MinGetEntries, MaxGetEntries int
	// OversizedGetEntries governs whether get-entries requests that go beyond the
	// current tree size are allowed (with a truncated response expected).
	OversizedGetEntries bool
	// Number of operations to perform.
	Operations uint64
	// Rate limiter
	Limiter Limiter
	// MaxParallelChains sets the upper limit for the number of parallel
	// add-*-chain requests to make when the biasing model says to perform an add.
	MaxParallelChains int
	// EmitInterval defines how frequently stats are logged.
	EmitInterval time.Duration
	// IgnoreErrors controls whether a hammer run fails immediately on any error.
	IgnoreErrors bool
	// MaxRetryDuration governs how long to keep retrying when IgnoreErrors is true.
	MaxRetryDuration time.Duration
	// RequestDeadline indicates the deadline to set on each request to the log.
	RequestDeadline time.Duration
	// DuplicateChance sets the probability of attempting to add a duplicate when
	// calling add[-pre]-chain (as the N in 1-in-N). Set to 0 to disable sending
	// duplicates.
	DuplicateChance int
	// StrictSTHConsistencySize if set to true will cause Hammer to only request
	// STH consistency proofs between tree sizes for which it's seen valid STHs.
	// If set to false, Hammer will request a consistency proof between the
	// current tree size, and a random smaller size greater than zero.
	StrictSTHConsistencySize bool
}

HammerConfig provides configuration for a stress/load test.

type Limiter

type Limiter interface {
	Wait(context.Context) error
}

Limiter is an interface to allow different rate limiters to be used with the hammer.

type RandomPool

type RandomPool []*client.LogClient

RandomPool holds a collection of CT LogClient instances.

func (RandomPool) Next

func (p RandomPool) Next() *client.LogClient

Next picks a random client from the pool.

type SyntheticChainGenerator

type SyntheticChainGenerator struct {
	// contains filtered or unexported fields
}

SyntheticChainGenerator builds synthetic certificate chains based on a template chain and intermediate CA private key.

func (*SyntheticChainGenerator) CertChain

func (g *SyntheticChainGenerator) CertChain() ([]ct.ASN1Cert, error)

CertChain builds a new synthetic chain with a fresh leaf cert, changing SubjectKeyId and re-signing.

func (*SyntheticChainGenerator) PreCertChain

func (g *SyntheticChainGenerator) PreCertChain() ([]ct.ASN1Cert, []byte, error)

PreCertChain builds a new synthetic precert chain; also returns the leaf TBS data.

Directories

Path Synopsis
ct_hammer is a stress/load test for a CT log.
ct_hammer is a stress/load test for a CT log.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL