func runHandshakeTestCase()

in cmd/conformance/main.go [255:313]


// runHandshakeTestCase drives a single BeginSession -> Handshake exchange
// through the client built by newEKMClient and returns the first RPC error
// it meets, or nil if both RPCs succeed and the final record check passes.
//
// The optional hooks on t alter the exchange before the Handshake RPC is
// sent: mutateSessionKey rewrites the session context returned by
// BeginSession, mutateTLSRecords rewrites the client's next batch of TLS
// records, and mutateJWT replaces the token held by the client.
//
// Errors from BeginSession and from Handshake are returned unwrapped, so the
// return value alone does not say which RPC failed.
// NOTE(review): a case that expects the Handshake to be refused would also
// see a non-nil error if BeginSession failed first. Confirm the caller
// checks more than err != nil.
func runHandshakeTestCase(ctx context.Context, t handshakeTest) error {
	ekm := newEKMClient(ctx, unprotectedKey)

	// The send buffer is drained before the RPC is issued, so whatever the
	// shim has queued at this point becomes the BeginSession payload.
	beginResp, err := ekm.client.BeginSession(ctx, &sspb.BeginSessionRequest{
		TlsRecords: ekm.shim.DrainSendBuf(),
	})
	if err != nil {
		return err
	}

	sessCtx := beginResp.GetSessionContext()
	if mutate := t.mutateSessionKey; mutate != nil {
		sessCtx = mutate(sessCtx)
	}

	// Order matters: the server's records must be queued on the shim before
	// the next drain, which yields the records sent in the Handshake RPC.
	ekm.shim.QueueReceiveBuf(beginResp.GetTlsRecords())
	clientRecords := ekm.shim.DrainSendBuf()
	if mutate := t.mutateTLSRecords; mutate != nil {
		clientRecords = mutate(clientRecords)
	}

	if mutate := t.mutateJWT; mutate != nil {
		token, mutErr := mutate(ctx, ekm.client.GetJWTToken())
		if mutErr != nil {
			// A failing hook ends the process instead of returning an error.
			// Presumably this keeps a broken fixture from being counted as
			// a server-side rejection; confirm.
			glog.Fatalf("Error mutating JWT: %v", mutErr)
		}
		ekm.client.SetJWTToken(token)
	}

	// The Handshake response body is discarded; only its error is used.
	if _, err := ekm.client.Handshake(ctx, &sspb.HandshakeRequest{
		SessionContext: sessCtx,
		TlsRecords:     clientRecords,
	}); err != nil {
		return err
	}

	// Under TLS 1.3 the TLS implementation has nothing to return at this
	// point. Calling ConnectionState() on the client's TLS connection hangs
	// forever when the server speaks TLS 1.2, so as a proxy the response
	// records are inspected instead, and only when there are any.
	//
	// NOTE(review): the records inspected are those of the BeginSession
	// response, not of the Handshake response discarded above. Confirm that
	// this is the intended message.
	serverRecords := beginResp.GetTlsRecords()
	if len(serverRecords) == 0 {
		return nil
	}

	// The handshake payload is encrypted, so only the leading byte is
	// compared with the handshake record type. This is a framing sanity
	// check and does not validate the contents of the handshake.
	if serverRecords[0] != recordHeaderHandshake {
		return fmt.Errorf("Handshake record not received")
	}
	return nil
}