storj/pkg/peertls/tlsopts/options_test.go

// Copyright (C) 2019 Storj Labs, Inc.
// See LICENSE for copying information.

package tlsopts_test

import (
	"io/ioutil"
	"reflect"
	"testing"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"

	"storj.io/storj/internal/testcontext"
	"storj.io/storj/internal/testidentity"
	"storj.io/storj/internal/testplanet"
	"storj.io/storj/pkg/identity"
	"storj.io/storj/pkg/peertls"
	"storj.io/storj/pkg/peertls/extensions"
	"storj.io/storj/pkg/peertls/tlsopts"
	"storj.io/storj/pkg/storj"
	"storj.io/storj/pkg/transport"
)

func TestNewOptions(t *testing.T) {
	// TODO: this is not a great test...
	ctx := testcontext.New(t)
	defer ctx.Cleanup()

	fi, err := testidentity.PregeneratedIdentity(0, storj.LatestIDVersion())
	require.NoError(t, err)

	whitelistPath := ctx.File("whitelist.pem")

	chainData, err := peertls.ChainBytes(fi.CA)
	assert.NoError(t, err)

	err = ioutil.WriteFile(whitelistPath, chainData, 0644)
	assert.NoError(t, err)

	cases := []struct {
		testID                     string
		config                     tlsopts.Config
		clientVerificationFuncsLen int
		serverVerificationFuncsLen int
	}{
		{
			"default",
			tlsopts.Config{},
			1, 1,
		}, {
			"revocation processing",
			tlsopts.Config{
				RevocationDBURL: "bolt://" + ctx.File("revocation1.db"),
				Extensions: extensions.Config{
					Revocation: true,
				},
			},
			1, 1,
		}, {
			"ca whitelist verification",
			tlsopts.Config{
				PeerCAWhitelistPath: whitelistPath,
				UsePeerCAWhitelist:  true,
			},
			2, 1,
		}, {
			"ca whitelist verification and whitelist signed leaf verification",
			tlsopts.Config{
				// NB: file doesn't actually exist
				PeerCAWhitelistPath: whitelistPath,
				UsePeerCAWhitelist:  true,
				Extensions: extensions.Config{
					WhitelistSignedLeaf: true,
				},
			},
			2, 1,
		}, {
			"revocation processing and whitelist verification",
			tlsopts.Config{
				// NB: file doesn't actually exist
				PeerCAWhitelistPath: whitelistPath,
				UsePeerCAWhitelist:  true,
				RevocationDBURL:     "bolt://" + ctx.File("revocation2.db"),
				Extensions: extensions.Config{
					Revocation: true,
				},
			},
			2, 1,
		}, {
			"revocation processing, whitelist, and signed leaf verification",
			tlsopts.Config{
				// NB: file doesn't actually exist
				PeerCAWhitelistPath: whitelistPath,
				UsePeerCAWhitelist:  true,
				RevocationDBURL:     "bolt://" + ctx.File("revocation3.db"),
				Extensions: extensions.Config{
					Revocation:          true,
					WhitelistSignedLeaf: true,
				},
			},
			2, 1,
		},
	}

	for _, c := range cases {
		t.Log(c.testID)
		opts, err := tlsopts.NewOptions(fi, c.config)
		assert.NoError(t, err)
		assert.True(t, reflect.DeepEqual(fi, opts.Ident))
		assert.Equal(t, c.config, opts.Config)
		assert.Len(t, opts.VerificationFuncs.Client(), c.clientVerificationFuncsLen)
		assert.Len(t, opts.VerificationFuncs.Server(), c.serverVerificationFuncsLen)
	}
}

func TestOptions_ServerOption_Peer_CA_Whitelist(t *testing.T) {
	ctx := testcontext.New(t)

	planet, err := testplanet.New(t, 0, 2, 0)
	require.NoError(t, err)

	planet.Start(ctx)
	defer ctx.Check(planet.Shutdown)

	target := planet.StorageNodes[1].Local()

	testidentity.CompleteIdentityVersionsTest(t, func(t *testing.T, version storj.IDVersion, ident *identity.FullIdentity) {
		opts, err := tlsopts.NewOptions(ident, tlsopts.Config{
			PeerIDVersions: "*",
		})
		require.NoError(t, err)

		dialOption, err := opts.DialOption(target.Id)
		require.NoError(t, err)

		transportClient := transport.NewClient(opts)

		conn, err := transportClient.DialNode(ctx, &target.Node, dialOption)
		assert.NotNil(t, conn)
		assert.NoError(t, err)

		assert.NoError(t, conn.Close())
	})
}

func TestOptions_DialOption_error_on_empty_ID(t *testing.T) {
	testidentity.CompleteIdentityVersionsTest(t, func(t *testing.T, version storj.IDVersion, ident *identity.FullIdentity) {
		opts, err := tlsopts.NewOptions(ident, tlsopts.Config{
			PeerIDVersions: "*",
		})
		require.NoError(t, err)

		dialOption, err := opts.DialOption(storj.NodeID{})
		assert.Nil(t, dialOption)
		assert.Error(t, err)
	})
}

func TestOptions_DialUnverifiedIDOption(t *testing.T) {
	testidentity.CompleteIdentityVersionsTest(t, func(t *testing.T, version storj.IDVersion, ident *identity.FullIdentity) {
		opts, err := tlsopts.NewOptions(ident, tlsopts.Config{
			PeerIDVersions: "*",
		})
		require.NoError(t, err)

		dialOption := opts.DialUnverifiedIDOption()
		assert.NotNil(t, dialOption)
	})
}
updates copyright 2018 to 2019 (#1133) 2019-01-24 20:15:10 +00:00			`// Copyright (C) 2019 Storj Labs, Inc.`
pkg/provider: split into pkg/server, pkg/identity (#953) 2019-01-02 10:23:25 +00:00			`// See LICENSE for copying information.`

pkg/transport: require tls configuration for dialing (#1286) * separate TLS options from server options (because we need them for dialing too) * stop creating transports in multiple places * ensure that we actually check revocation, whitelists, certificate signing, etc, for all connections. 2019-02-11 11:17:32 +00:00			`package tlsopts_test`
pkg/provider: split into pkg/server, pkg/identity (#953) 2019-01-02 10:23:25 +00:00
			`import (`
			`"io/ioutil"`
			`"reflect"`
			`"testing"`

			`"github.com/stretchr/testify/assert"`
use peer ca whitelist in testplanet (#1337) 2019-02-25 07:38:03 +00:00			`"github.com/stretchr/testify/require"`
pkg/provider: split into pkg/server, pkg/identity (#953) 2019-01-02 10:23:25 +00:00
			`"storj.io/storj/internal/testcontext"`
Identity versioning (#1389) 2019-04-08 19:15:19 +01:00			`"storj.io/storj/internal/testidentity"`
use peer ca whitelist in testplanet (#1337) 2019-02-25 07:38:03 +00:00			`"storj.io/storj/internal/testplanet"`
[V3-1147] Ensure certificate validation happens properly (#1403) * add regression test & update transport tests * separate client and server verificiation functions * goimports 2019-03-06 14:42:34 +00:00			`"storj.io/storj/pkg/identity"`
pkg/provider: split into pkg/server, pkg/identity (#953) 2019-01-02 10:23:25 +00:00			`"storj.io/storj/pkg/peertls"`
TLS extension handling overhaul (#1458) 2019-03-25 21:52:12 +00:00			`"storj.io/storj/pkg/peertls/extensions"`
pkg/transport: require tls configuration for dialing (#1286) * separate TLS options from server options (because we need them for dialing too) * stop creating transports in multiple places * ensure that we actually check revocation, whitelists, certificate signing, etc, for all connections. 2019-02-11 11:17:32 +00:00			`"storj.io/storj/pkg/peertls/tlsopts"`
[V3-1320] fix empty node ID verification non-error (#1395) * small identity refactor: + Optimize? iterative cert chain methods to use array instead of slice + Add `ToChain` helper for converting 1d to 2d cert chain TODO: replace literal declarations with this + rename `ChainRaw/RestChainRaw` to `RawChain/RawRestChain` (adjective noun, instead of nound adjective) * add regression tests for V3-1320 * fix V3-1320 * separate `DialUnverifiedIDOption` from `DialOption` * separate `PingNode` and `DialNode` from `PingAddress` and `DialAddress` * update node ID while bootstrapping * goimports & fix comment * add test case 2019-03-04 20:03:33 +00:00			`"storj.io/storj/pkg/storj"`
[V3-1147] Ensure certificate validation happens properly (#1403) * add regression test & update transport tests * separate client and server verificiation functions * goimports 2019-03-06 14:42:34 +00:00			`"storj.io/storj/pkg/transport"`
pkg/provider: split into pkg/server, pkg/identity (#953) 2019-01-02 10:23:25 +00:00			`)`

			`func TestNewOptions(t *testing.T) {`
TLS extension handling overhaul (#1458) 2019-03-25 21:52:12 +00:00			`// TODO: this is not a great test...`
pkg/provider: split into pkg/server, pkg/identity (#953) 2019-01-02 10:23:25 +00:00			`ctx := testcontext.New(t)`
			`defer ctx.Cleanup()`

Identity versioning (#1389) 2019-04-08 19:15:19 +01:00			`fi, err := testidentity.PregeneratedIdentity(0, storj.LatestIDVersion())`
use peer ca whitelist in testplanet (#1337) 2019-02-25 07:38:03 +00:00			`require.NoError(t, err)`
pkg/provider: split into pkg/server, pkg/identity (#953) 2019-01-02 10:23:25 +00:00
			`whitelistPath := ctx.File("whitelist.pem")`

			`chainData, err := peertls.ChainBytes(fi.CA)`
			`assert.NoError(t, err)`

			`err = ioutil.WriteFile(whitelistPath, chainData, 0644)`
			`assert.NoError(t, err)`

			`cases := []struct {`
[V3-1147] Ensure certificate validation happens properly (#1403) * add regression test & update transport tests * separate client and server verificiation functions * goimports 2019-03-06 14:42:34 +00:00			`testID string`
			`config tlsopts.Config`
			`clientVerificationFuncsLen int`
			`serverVerificationFuncsLen int`
pkg/provider: split into pkg/server, pkg/identity (#953) 2019-01-02 10:23:25 +00:00			`}{`
			`{`
			`"default",`
pkg/transport: require tls configuration for dialing (#1286) * separate TLS options from server options (because we need them for dialing too) * stop creating transports in multiple places * ensure that we actually check revocation, whitelists, certificate signing, etc, for all connections. 2019-02-11 11:17:32 +00:00			`tlsopts.Config{},`
TLS extension handling overhaul (#1458) 2019-03-25 21:52:12 +00:00			`1, 1,`
pkg/provider: split into pkg/server, pkg/identity (#953) 2019-01-02 10:23:25 +00:00			`}, {`
			`"revocation processing",`
pkg/transport: require tls configuration for dialing (#1286) * separate TLS options from server options (because we need them for dialing too) * stop creating transports in multiple places * ensure that we actually check revocation, whitelists, certificate signing, etc, for all connections. 2019-02-11 11:17:32 +00:00			`tlsopts.Config{`
pkg/provider: split into pkg/server, pkg/identity (#953) 2019-01-02 10:23:25 +00:00			`RevocationDBURL: "bolt://" + ctx.File("revocation1.db"),`
TLS extension handling overhaul (#1458) 2019-03-25 21:52:12 +00:00			`Extensions: extensions.Config{`
pkg/provider: split into pkg/server, pkg/identity (#953) 2019-01-02 10:23:25 +00:00			`Revocation: true,`
			`},`
			`},`
TLS extension handling overhaul (#1458) 2019-03-25 21:52:12 +00:00			`1, 1,`
pkg/provider: split into pkg/server, pkg/identity (#953) 2019-01-02 10:23:25 +00:00			`}, {`
			`"ca whitelist verification",`
pkg/transport: require tls configuration for dialing (#1286) * separate TLS options from server options (because we need them for dialing too) * stop creating transports in multiple places * ensure that we actually check revocation, whitelists, certificate signing, etc, for all connections. 2019-02-11 11:17:32 +00:00			`tlsopts.Config{`
pkg/provider: split into pkg/server, pkg/identity (#953) 2019-01-02 10:23:25 +00:00			`PeerCAWhitelistPath: whitelistPath,`
pkg/server: include production cert (#1082) Change-Id: Ie8e6fe78550be83c3bd797db7a1e58d37c684792 2019-01-17 17:36:45 +00:00			`UsePeerCAWhitelist: true,`
pkg/provider: split into pkg/server, pkg/identity (#953) 2019-01-02 10:23:25 +00:00			`},`
TLS extension handling overhaul (#1458) 2019-03-25 21:52:12 +00:00			`2, 1,`
pkg/provider: split into pkg/server, pkg/identity (#953) 2019-01-02 10:23:25 +00:00			`}, {`
			`"ca whitelist verification and whitelist signed leaf verification",`
pkg/transport: require tls configuration for dialing (#1286) * separate TLS options from server options (because we need them for dialing too) * stop creating transports in multiple places * ensure that we actually check revocation, whitelists, certificate signing, etc, for all connections. 2019-02-11 11:17:32 +00:00			`tlsopts.Config{`
pkg/provider: split into pkg/server, pkg/identity (#953) 2019-01-02 10:23:25 +00:00			`// NB: file doesn't actually exist`
			`PeerCAWhitelistPath: whitelistPath,`
pkg/server: include production cert (#1082) Change-Id: Ie8e6fe78550be83c3bd797db7a1e58d37c684792 2019-01-17 17:36:45 +00:00			`UsePeerCAWhitelist: true,`
TLS extension handling overhaul (#1458) 2019-03-25 21:52:12 +00:00			`Extensions: extensions.Config{`
pkg/provider: split into pkg/server, pkg/identity (#953) 2019-01-02 10:23:25 +00:00			`WhitelistSignedLeaf: true,`
			`},`
			`},`
[V3-1147] Ensure certificate validation happens properly (#1403) * add regression test & update transport tests * separate client and server verificiation functions * goimports 2019-03-06 14:42:34 +00:00			`2, 1,`
pkg/provider: split into pkg/server, pkg/identity (#953) 2019-01-02 10:23:25 +00:00			`}, {`
			`"revocation processing and whitelist verification",`
pkg/transport: require tls configuration for dialing (#1286) * separate TLS options from server options (because we need them for dialing too) * stop creating transports in multiple places * ensure that we actually check revocation, whitelists, certificate signing, etc, for all connections. 2019-02-11 11:17:32 +00:00			`tlsopts.Config{`
pkg/provider: split into pkg/server, pkg/identity (#953) 2019-01-02 10:23:25 +00:00			`// NB: file doesn't actually exist`
			`PeerCAWhitelistPath: whitelistPath,`
pkg/server: include production cert (#1082) Change-Id: Ie8e6fe78550be83c3bd797db7a1e58d37c684792 2019-01-17 17:36:45 +00:00			`UsePeerCAWhitelist: true,`
pkg/provider: split into pkg/server, pkg/identity (#953) 2019-01-02 10:23:25 +00:00			`RevocationDBURL: "bolt://" + ctx.File("revocation2.db"),`
TLS extension handling overhaul (#1458) 2019-03-25 21:52:12 +00:00			`Extensions: extensions.Config{`
pkg/provider: split into pkg/server, pkg/identity (#953) 2019-01-02 10:23:25 +00:00			`Revocation: true,`
			`},`
			`},`
TLS extension handling overhaul (#1458) 2019-03-25 21:52:12 +00:00			`2, 1,`
pkg/provider: split into pkg/server, pkg/identity (#953) 2019-01-02 10:23:25 +00:00			`}, {`
			`"revocation processing, whitelist, and signed leaf verification",`
pkg/transport: require tls configuration for dialing (#1286) * separate TLS options from server options (because we need them for dialing too) * stop creating transports in multiple places * ensure that we actually check revocation, whitelists, certificate signing, etc, for all connections. 2019-02-11 11:17:32 +00:00			`tlsopts.Config{`
pkg/provider: split into pkg/server, pkg/identity (#953) 2019-01-02 10:23:25 +00:00			`// NB: file doesn't actually exist`
			`PeerCAWhitelistPath: whitelistPath,`
pkg/server: include production cert (#1082) Change-Id: Ie8e6fe78550be83c3bd797db7a1e58d37c684792 2019-01-17 17:36:45 +00:00			`UsePeerCAWhitelist: true,`
pkg/provider: split into pkg/server, pkg/identity (#953) 2019-01-02 10:23:25 +00:00			`RevocationDBURL: "bolt://" + ctx.File("revocation3.db"),`
TLS extension handling overhaul (#1458) 2019-03-25 21:52:12 +00:00			`Extensions: extensions.Config{`
pkg/provider: split into pkg/server, pkg/identity (#953) 2019-01-02 10:23:25 +00:00			`Revocation: true,`
			`WhitelistSignedLeaf: true,`
			`},`
			`},`
TLS extension handling overhaul (#1458) 2019-03-25 21:52:12 +00:00			`2, 1,`
pkg/provider: split into pkg/server, pkg/identity (#953) 2019-01-02 10:23:25 +00:00			`},`
			`}`

			`for _, c := range cases {`
			`t.Log(c.testID)`
pkg/transport: require tls configuration for dialing (#1286) * separate TLS options from server options (because we need them for dialing too) * stop creating transports in multiple places * ensure that we actually check revocation, whitelists, certificate signing, etc, for all connections. 2019-02-11 11:17:32 +00:00			`opts, err := tlsopts.NewOptions(fi, c.config)`
pkg/provider: split into pkg/server, pkg/identity (#953) 2019-01-02 10:23:25 +00:00			`assert.NoError(t, err)`
			`assert.True(t, reflect.DeepEqual(fi, opts.Ident))`
			`assert.Equal(t, c.config, opts.Config)`
[V3-1147] Ensure certificate validation happens properly (#1403) * add regression test & update transport tests * separate client and server verificiation functions * goimports 2019-03-06 14:42:34 +00:00			`assert.Len(t, opts.VerificationFuncs.Client(), c.clientVerificationFuncsLen)`
			`assert.Len(t, opts.VerificationFuncs.Server(), c.serverVerificationFuncsLen)`
			`}`
			`}`

			`func TestOptions_ServerOption_Peer_CA_Whitelist(t *testing.T) {`
			`ctx := testcontext.New(t)`

			`planet, err := testplanet.New(t, 0, 2, 0)`
			`require.NoError(t, err)`

			`planet.Start(ctx)`
			`defer ctx.Check(planet.Shutdown)`

			`target := planet.StorageNodes[1].Local()`

Identity versioning (#1389) 2019-04-08 19:15:19 +01:00			`testidentity.CompleteIdentityVersionsTest(t, func(t testing.T, version storj.IDVersion, ident identity.FullIdentity) {`
			`opts, err := tlsopts.NewOptions(ident, tlsopts.Config{`
Identity versioning fix (#1721) 2019-04-09 18:01:45 +01:00			`PeerIDVersions: "*",`
Identity versioning (#1389) 2019-04-08 19:15:19 +01:00			`})`
			`require.NoError(t, err)`
[V3-1147] Ensure certificate validation happens properly (#1403) * add regression test & update transport tests * separate client and server verificiation functions * goimports 2019-03-06 14:42:34 +00:00
Identity versioning (#1389) 2019-04-08 19:15:19 +01:00			`dialOption, err := opts.DialOption(target.Id)`
			`require.NoError(t, err)`
[V3-1147] Ensure certificate validation happens properly (#1403) * add regression test & update transport tests * separate client and server verificiation functions * goimports 2019-03-06 14:42:34 +00:00
Identity versioning (#1389) 2019-04-08 19:15:19 +01:00			`transportClient := transport.NewClient(opts)`
[V3-1147] Ensure certificate validation happens properly (#1403) * add regression test & update transport tests * separate client and server verificiation functions * goimports 2019-03-06 14:42:34 +00:00
Refactor pb.Node protobuf (#1785) 2019-04-22 10:07:50 +01:00			`conn, err := transportClient.DialNode(ctx, &target.Node, dialOption)`
Identity versioning (#1389) 2019-04-08 19:15:19 +01:00			`assert.NotNil(t, conn)`
			`assert.NoError(t, err)`
Fix some leaks and add notes about close handling (#2334) 2019-06-25 21:00:51 +01:00
			`assert.NoError(t, conn.Close())`
Identity versioning (#1389) 2019-04-08 19:15:19 +01:00			`})`
pkg/provider: split into pkg/server, pkg/identity (#953) 2019-01-02 10:23:25 +00:00			`}`
[V3-1320] fix empty node ID verification non-error (#1395) * small identity refactor: + Optimize? iterative cert chain methods to use array instead of slice + Add `ToChain` helper for converting 1d to 2d cert chain TODO: replace literal declarations with this + rename `ChainRaw/RestChainRaw` to `RawChain/RawRestChain` (adjective noun, instead of nound adjective) * add regression tests for V3-1320 * fix V3-1320 * separate `DialUnverifiedIDOption` from `DialOption` * separate `PingNode` and `DialNode` from `PingAddress` and `DialAddress` * update node ID while bootstrapping * goimports & fix comment * add test case 2019-03-04 20:03:33 +00:00
			`func TestOptions_DialOption_error_on_empty_ID(t *testing.T) {`
Identity versioning (#1389) 2019-04-08 19:15:19 +01:00			`testidentity.CompleteIdentityVersionsTest(t, func(t testing.T, version storj.IDVersion, ident identity.FullIdentity) {`
			`opts, err := tlsopts.NewOptions(ident, tlsopts.Config{`
Identity versioning fix (#1721) 2019-04-09 18:01:45 +01:00			`PeerIDVersions: "*",`
Identity versioning (#1389) 2019-04-08 19:15:19 +01:00			`})`
			`require.NoError(t, err)`
[V3-1320] fix empty node ID verification non-error (#1395) * small identity refactor: + Optimize? iterative cert chain methods to use array instead of slice + Add `ToChain` helper for converting 1d to 2d cert chain TODO: replace literal declarations with this + rename `ChainRaw/RestChainRaw` to `RawChain/RawRestChain` (adjective noun, instead of nound adjective) * add regression tests for V3-1320 * fix V3-1320 * separate `DialUnverifiedIDOption` from `DialOption` * separate `PingNode` and `DialNode` from `PingAddress` and `DialAddress` * update node ID while bootstrapping * goimports & fix comment * add test case 2019-03-04 20:03:33 +00:00
Identity versioning (#1389) 2019-04-08 19:15:19 +01:00			`dialOption, err := opts.DialOption(storj.NodeID{})`
			`assert.Nil(t, dialOption)`
			`assert.Error(t, err)`
			`})`
[V3-1320] fix empty node ID verification non-error (#1395) * small identity refactor: + Optimize? iterative cert chain methods to use array instead of slice + Add `ToChain` helper for converting 1d to 2d cert chain TODO: replace literal declarations with this + rename `ChainRaw/RestChainRaw` to `RawChain/RawRestChain` (adjective noun, instead of nound adjective) * add regression tests for V3-1320 * fix V3-1320 * separate `DialUnverifiedIDOption` from `DialOption` * separate `PingNode` and `DialNode` from `PingAddress` and `DialAddress` * update node ID while bootstrapping * goimports & fix comment * add test case 2019-03-04 20:03:33 +00:00			`}`

			`func TestOptions_DialUnverifiedIDOption(t *testing.T) {`
Identity versioning (#1389) 2019-04-08 19:15:19 +01:00			`testidentity.CompleteIdentityVersionsTest(t, func(t testing.T, version storj.IDVersion, ident identity.FullIdentity) {`
			`opts, err := tlsopts.NewOptions(ident, tlsopts.Config{`
Identity versioning fix (#1721) 2019-04-09 18:01:45 +01:00			`PeerIDVersions: "*",`
Identity versioning (#1389) 2019-04-08 19:15:19 +01:00			`})`
			`require.NoError(t, err)`
[V3-1320] fix empty node ID verification non-error (#1395) * small identity refactor: + Optimize? iterative cert chain methods to use array instead of slice + Add `ToChain` helper for converting 1d to 2d cert chain TODO: replace literal declarations with this + rename `ChainRaw/RestChainRaw` to `RawChain/RawRestChain` (adjective noun, instead of nound adjective) * add regression tests for V3-1320 * fix V3-1320 * separate `DialUnverifiedIDOption` from `DialOption` * separate `PingNode` and `DialNode` from `PingAddress` and `DialAddress` * update node ID while bootstrapping * goimports & fix comment * add test case 2019-03-04 20:03:33 +00:00
Identity versioning (#1389) 2019-04-08 19:15:19 +01:00			`dialOption := opts.DialUnverifiedIDOption()`
			`assert.NotNil(t, dialOption)`
			`})`
[V3-1320] fix empty node ID verification non-error (#1395) * small identity refactor: + Optimize? iterative cert chain methods to use array instead of slice + Add `ToChain` helper for converting 1d to 2d cert chain TODO: replace literal declarations with this + rename `ChainRaw/RestChainRaw` to `RawChain/RawRestChain` (adjective noun, instead of nound adjective) * add regression tests for V3-1320 * fix V3-1320 * separate `DialUnverifiedIDOption` from `DialOption` * separate `PingNode` and `DialNode` from `PingAddress` and `DialAddress` * update node ID while bootstrapping * goimports & fix comment * add test case 2019-03-04 20:03:33 +00:00			`}`