2023-03-03 22:31:10 +01:00
|
|
|
package cert
|
|
|
|
|
|
|
|
import (
|
2023-03-03 22:44:57 +01:00
|
|
|
"crypto/ecdsa"
|
2023-03-03 22:31:10 +01:00
|
|
|
"crypto/elliptic"
|
|
|
|
"crypto/x509"
|
|
|
|
"math/big"
|
|
|
|
"testing"
|
|
|
|
"time"
|
|
|
|
|
|
|
|
"github.com/stretchr/testify/require"
|
|
|
|
"gitlab.com/urkob/go-cert-gen/pkg/ca"
|
|
|
|
"gitlab.com/urkob/go-cert-gen/pkg/client"
|
|
|
|
)
|
|
|
|
|
|
|
|
const year = time.Hour * 24 * 365
|
|
|
|
|
|
|
|
var rootTestConfig = ca.CaConfig{
|
|
|
|
SerialNumber: big.NewInt(12321),
|
|
|
|
Subject: ca.CaSubject{
|
|
|
|
Organization: "test-organization",
|
|
|
|
CommonName: "test-organization",
|
|
|
|
},
|
|
|
|
KeyUsage: x509.KeyUsageDigitalSignature,
|
|
|
|
ExtKeyUsage: []x509.ExtKeyUsage{
|
|
|
|
x509.ExtKeyUsageServerAuth,
|
|
|
|
x509.ExtKeyUsageClientAuth,
|
|
|
|
},
|
|
|
|
Duration: year,
|
|
|
|
}
|
|
|
|
|
|
|
|
var clientTestConfig = client.ClientCertConfig{
|
|
|
|
Serial: big.NewInt(12321),
|
|
|
|
Subject: client.Subject{
|
|
|
|
Organization: rootTestConfig.Subject.Organization,
|
|
|
|
Country: "REML",
|
|
|
|
Province: "REML",
|
|
|
|
Locality: "REML",
|
|
|
|
StreetAddress: "c/o Sovereign 7 rural free delivery",
|
|
|
|
PostalCode: "[Near 777]",
|
|
|
|
},
|
|
|
|
Duration: year,
|
|
|
|
SubjectKeyId: []byte{1, 2, 3, 4, 6},
|
|
|
|
ExtKeyUsage: []x509.ExtKeyUsage{
|
|
|
|
x509.ExtKeyUsageServerAuth,
|
|
|
|
x509.ExtKeyUsageClientAuth,
|
|
|
|
},
|
|
|
|
KeyUsage: x509.KeyUsageDigitalSignature,
|
|
|
|
}
|
|
|
|
|
|
|
|
func Test_newPrivateKey(t *testing.T) {
|
|
|
|
privKey, err := newPrivateKey()
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
|
|
require.NotEmpty(t, privKey.PublicKey.Params().Name)
|
2023-03-03 22:44:57 +01:00
|
|
|
require.Equal(t, elliptic.P256().Params().Name, privKey.PublicKey.Params().Name)
|
2023-03-03 22:31:10 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
func Test_encodePrivateKey(t *testing.T) {
|
|
|
|
privKey, err := newPrivateKey()
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
|
|
bytes, err := encodePrivateKey(privKey)
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
|
|
require.NotNil(t, bytes)
|
|
|
|
require.Greater(t, len(bytes), 0)
|
|
|
|
}
|
|
|
|
|
2023-03-03 22:44:57 +01:00
|
|
|
func Test_encodePrivateKeyError(t *testing.T) {
|
|
|
|
key := ecdsa.PrivateKey{}
|
|
|
|
_, err := encodePrivateKey(&key)
|
|
|
|
require.Error(t, err)
|
|
|
|
}
|
|
|
|
|
2023-03-03 22:31:10 +01:00
|
|
|
func Test_newRootCA(t *testing.T) {
|
|
|
|
caPEM, keyPEM, err := newRootCA(&rootTestConfig)
|
|
|
|
|
|
|
|
require.NoError(t, err)
|
|
|
|
require.NotNil(t, caPEM)
|
|
|
|
require.Greater(t, len(caPEM), 0)
|
|
|
|
require.NotNil(t, keyPEM)
|
|
|
|
require.Greater(t, len(keyPEM), 0)
|
|
|
|
}
|
|
|
|
|
2023-03-05 00:04:41 +01:00
|
|
|
func Test_newRootCAError(t *testing.T) {
|
|
|
|
_, _, err := newRootCA(&ca.CaConfig{})
|
|
|
|
|
|
|
|
require.Error(t, err)
|
|
|
|
}
|
|
|
|
|
2023-03-03 22:31:10 +01:00
|
|
|
func Test_parseCertificate(t *testing.T) {
|
|
|
|
caPEM, _, err := newRootCA(&rootTestConfig)
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
|
|
rootCert, err := parseCertificate(caPEM)
|
|
|
|
require.NoError(t, err)
|
|
|
|
require.NotNil(t, rootCert)
|
|
|
|
require.Equal(t, rootCert.SignatureAlgorithm, x509.ECDSAWithSHA256)
|
|
|
|
require.Equal(t, rootCert.Issuer.Organization, []string{rootTestConfig.Subject.Organization})
|
|
|
|
require.Equal(t, rootCert.Issuer.CommonName, rootTestConfig.Subject.CommonName)
|
|
|
|
}
|
|
|
|
|
2023-03-03 22:44:57 +01:00
|
|
|
func Test_parseCertificateError(t *testing.T) {
|
|
|
|
_, err := parseCertificate([]byte{})
|
|
|
|
require.Error(t, err)
|
|
|
|
}
|
|
|
|
|
2023-03-03 22:31:10 +01:00
|
|
|
func TestNewRootCA(t *testing.T) {
|
|
|
|
rootCert, err := NewRootCA(&rootTestConfig)
|
|
|
|
require.NoError(t, err)
|
|
|
|
require.NotNil(t, rootCert)
|
|
|
|
}
|
|
|
|
|
2023-03-03 22:44:57 +01:00
|
|
|
func TestNewRootCAERror(t *testing.T) {
|
|
|
|
_, err := NewRootCA(nil)
|
|
|
|
require.Error(t, err)
|
|
|
|
}
|
|
|
|
|
2023-03-03 22:31:10 +01:00
|
|
|
func Test_rootCA_WithClientCert(t *testing.T) {
|
|
|
|
rootCert, err := NewRootCA(&rootTestConfig)
|
|
|
|
require.NoError(t, err)
|
|
|
|
require.NotNil(t, rootCert)
|
|
|
|
|
|
|
|
clientSrv, err := rootCert.WithClientCert(&clientTestConfig)
|
|
|
|
require.NoError(t, err)
|
|
|
|
require.NotNil(t, clientSrv)
|
|
|
|
|
|
|
|
require.NotNil(t, clientSrv.Key())
|
|
|
|
require.Greater(t, len(clientSrv.Key()), 0)
|
|
|
|
|
|
|
|
require.NotNil(t, clientSrv.PEM())
|
|
|
|
require.Greater(t, len(clientSrv.PEM()), 0)
|
|
|
|
}
|
2023-03-05 00:04:41 +01:00
|
|
|
|
|
|
|
func Test_rootCA_WithClientCertEror(t *testing.T) {
|
|
|
|
rootCert := rootCA{
|
|
|
|
caPEM: nil,
|
|
|
|
}
|
|
|
|
|
|
|
|
_, err := rootCert.WithClientCert(&clientTestConfig)
|
|
|
|
require.Error(t, err)
|
|
|
|
}
|