Merge pull request #18 from RedisGraph/tls.support

Added TLS support (server side cert only)

Author: filipecosta90

redisgraph-bechmark-go.go

@@ -19,6 +19,7 @@ import (
 func main() {
 	host := flag.String("h", "127.0.0.1", "Server hostname.")
 	port := flag.Int("p", 6379, "Server port.")
+	tlsCaCertFile := flag.String("tls-ca-cert-file", "", "A PEM encoded CA's certificate file.")
 	rps := flag.Int64("rps", 0, "Max rps. If 0 no limit is applied and the DB is stressed up to maximum.")
 	password := flag.String("a", "", "Password for Redis Auth.")
 	clients := flag.Uint64("c", 50, "number of clients.")
@@ -46,6 +47,7 @@ func main() {
 	var loop *bool = &loopV
 	version := flag.Bool("v", false, "Output version and exit")
 	flag.Parse()
+
 	git_sha := toolGitSHA1()
 	git_dirty_str := ""
 	if toolGitDirty() {
@@ -130,7 +132,7 @@ func main() {
 	c1 := make(chan os.Signal, 1)
 	signal.Notify(c1, os.Interrupt)
 
-	graphC, _ := getStandaloneConn(*graphKey, "tcp", connectionStr, *password)
+	graphC, _ := getStandaloneConn(*graphKey, "tcp", connectionStr, *password, *tlsCaCertFile)
 	log.Printf("Trying to extract RedisGraph version info\n")
 
 	redisgraphVersion, err := getRedisGraphVersion(graphC)
@@ -149,7 +151,7 @@ func main() {
 	startTime := time.Now()
 	for client_id := 0; uint64(client_id) < *clients; client_id++ {
 		wg.Add(1)
-		rgs[client_id], conns[client_id] = getStandaloneConn(*graphKey, "tcp", connectionStr, *password)
+		rgs[client_id], conns[client_id] = getStandaloneConn(*graphKey, "tcp", connectionStr, *password, *tlsCaCertFile)
 		// Given the total commands might not be divisible by the #clients
 		// the last client will send the remainder commands to match the desired request count.
 		// It's OK to alter clientTotalCmds given this is the last time we use it's value

standalone_conn.go

@@ -1,17 +1,56 @@
 package main
 
 import (
+	"crypto/tls"
+	"crypto/x509"
 	rg "github.com/RedisGraph/redisgraph-go"
 	"github.com/gomodule/redigo/redis"
+	"io/ioutil"
 	"log"
 )
 
-func getStandaloneConn(graphName, network, addr string, password string) (graph rg.Graph, conn redis.Conn) {
+func getStandaloneConn(graphName, network, addr string, password string, tlsCaCertFile string) (graph rg.Graph, conn redis.Conn) {
+
 	var err error
-	if password != "" {
-		conn, err = redis.Dial(network, addr, redis.DialPassword(password))
+	if tlsCaCertFile != "" {
+		// Load CA cert
+		caCert, err := ioutil.ReadFile(tlsCaCertFile)
+		if err != nil {
+			log.Fatal(err)
+		}
+		caCertPool := x509.NewCertPool()
+		caCertPool.AppendCertsFromPEM(caCert)
+
+		clientTLSConfig := &tls.Config{
+			RootCAs: caCertPool,
+		}
+		// InsecureSkipVerify controls whether a client verifies the
+		// server's certificate chain and host name.
+		// If InsecureSkipVerify is true, TLS accepts any certificate
+		// presented by the server and any host name in that certificate.
+		// In this mode, TLS is susceptible to man-in-the-middle attacks.
+		// This should be used only for testing.
+		clientTLSConfig.InsecureSkipVerify = true
+		if password != "" {
+			conn, err = redis.Dial(network, addr,
+				redis.DialPassword(password),
+				redis.DialTLSConfig(clientTLSConfig),
+				redis.DialUseTLS(true),
+				redis.DialTLSSkipVerify(true),
+			)
+		} else {
+			conn, err = redis.Dial(network, addr,
+				redis.DialTLSConfig(clientTLSConfig),
+				redis.DialUseTLS(true),
+				redis.DialTLSSkipVerify(true),
+			)
+		}
 	} else {
-		conn, err = redis.Dial(network, addr)
+		if password != "" {
+			conn, err = redis.Dial(network, addr, redis.DialPassword(password))
+		} else {
+			conn, err = redis.Dial(network, addr)
+		}
 	}
 	if err != nil {
 		log.Fatalf("Error preparing for benchmark, while creating new connection. error = %v", err)