package main
import (
"crypto/tls"
"crypto/x509"
"fmt"
"io"
"io/ioutil"
"log"
"net/http"
"runtime"
"time"
"github.com/gomodule/redigo/redis"
)
// redis_connect runs one connectivity probe against the local Redis TLS
// endpoint: it dials rediss://localhost:6379, sends a single PING and closes
// the connection again.
//
// The client presents the key pair from /tls-data/curl.{crt,key} and the TLS
// settings come from CreateClientTLSConfig with /tls-data/ca.crt as CA file.
// A failure to build that config ends the whole process through log.Fatal;
// dial and PING failures are only logged and the function returns.
func redis_connect() {
	log.Println("Connecting to redis..")

	tlsConfig, err := CreateClientTLSConfig("/tls-data/curl.crt", "/tls-data/curl.key", "/tls-data/ca.crt")
	if err != nil {
		log.Fatal(err)
	}

	// The same one-second budget applies to connect, read and write.
	const timeout = time.Second

	conn, err := redis.DialURL(
		"rediss://localhost:6379",
		redis.DialConnectTimeout(timeout),
		redis.DialReadTimeout(timeout),
		redis.DialWriteTimeout(timeout),
		redis.DialTLSConfig(tlsConfig),
	)
	if err != nil {
		log.Print(err)
		return
	}
	defer conn.Close()

	if _, err := conn.Do("PING"); err != nil {
		log.Print(err)
		return
	}
	log.Println("Disconnecting")
}
// CreateClientTLSConfig loads the client key pair and the CA file and returns
// a tls.Config prepared from them.
//
// Server certificate verification stays enabled (InsecureSkipVerify is false)
// and the pool read from CaCertFile is installed as RootCAs, so only
// certificates chaining to that pool are trusted. The key pair is loaded
// before the CA file; the first load error is returned unchanged together
// with a nil config.
func CreateClientTLSConfig(ClientCertFile, ClientKeyFile, CaCertFile string) (*tls.Config, error) {
	keyPair, err := LoadKeyPair(ClientCertFile, ClientKeyFile)
	if err != nil {
		return nil, err
	}

	roots, err := LoadCAFile(CaCertFile)
	if err != nil {
		return nil, err
	}

	return &tls.Config{
		InsecureSkipVerify: false,
		Certificates:       []tls.Certificate{*keyPair},
		RootCAs:            roots,
	}, nil
}
// LoadKeyPair reads a certificate and its private key from the two given
// files and returns them as a tls.Certificate.
// The files must contain PEM encoded data.
//
// Only the file paths are written to the log. On failure the error from
// tls.LoadX509KeyPair is returned unchanged and the certificate is nil.
func LoadKeyPair(certFile, keyFile string) (*tls.Certificate, error) {
	log.Printf("Load key pair: %s %s", certFile, keyFile)

	pair, loadErr := tls.LoadX509KeyPair(certFile, keyFile)
	if loadErr == nil {
		return &pair, nil
	}
	return nil, loadErr
}
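// LoadCAFile reads and parses CA certificates from a file into a pool.
// The file must contain PEM encoded data.
//
// An error is returned when the file cannot be read, and also when not a
// single certificate could be parsed from it. In both cases the pool is nil.
func LoadCAFile(caFile string) (*x509.CertPool, error) {
	log.Printf("Load CA cert file: %s", caFile)
	pemCerts, err := ioutil.ReadFile(caFile)
	if err != nil {
		return nil, err
	}
	pool := x509.NewCertPool()
	// AppendCertsFromPEM reports false when it added nothing. Handing back an
	// empty pool would still fail closed, but only later, as an
	// unknown-authority handshake error that hides the real cause: a CA file
	// that is empty, truncated or not PEM at all.
	if !pool.AppendCertsFromPEM(pemCerts) {
		return nil, fmt.Errorf("no PEM certificates found in %q", caFile)
	}
	return pool, nil
}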
// MetricsScrape handles a scrape request: it runs one Redis connection probe
// and then answers with a single current_time_seconds sample holding the
// current Unix time.
//
// The response does not depend on the probe outcome, because redis_connect
// returns nothing. redis_connect calls log.Fatal when the client TLS files
// cannot be loaded, so in that case the process exits while serving the
// request. The result of writing the response is not checked.
func MetricsScrape(w http.ResponseWriter, req *http.Request) {
	log.Println("Metrics scraping by connecting to redis")
	redis_connect()

	sample := fmt.Sprintf("current_time_seconds %d", time.Now().Unix())
	io.WriteString(w, sample)
}
// main logs the Go runtime version, registers MetricsScrape for /metrics on
// the default mux and serves HTTPS on :9121 with the exporter certificate and
// key from /tls-data.
//
// http.ListenAndServeTLS is called without a custom http.Server or
// tls.Config, so the listener runs with the package defaults: no read or
// write timeouts are set and clients are not asked for a certificate.
func main() {
	log.Printf("Using Go version: %s\n", runtime.Version())
	http.HandleFunc("/metrics", MetricsScrape)

	// Plain-HTTP variant, left disabled:
	//err := http.ListenAndServe(":9121", nil)
	if err := http.ListenAndServeTLS(":9121", "/tls-data/exporter-s.crt", "/tls-data/exporter-s.key", nil); err != nil {
		log.Fatal("ListenAndServe: ", err)
	}
}