diff --git a/internal/cert/client_cert.go b/internal/cert/client_cert.go
index 9bb58af..1b7b893 100644
--- a/internal/cert/client_cert.go
+++ b/internal/cert/client_cert.go
@@ -6,6 +6,7 @@ import (
 "crypto/x509"
 "crypto/x509/pkix"
 "encoding/pem"
+ "errors"
 "fmt"
 "time"
@@ -44,6 +45,10 @@ func newClientCert(config *client.ClientCertConfig, rootCA *x509.Certificate, ro
 }
 block, _ := pem.Decode(rootKeyPEM)
+ if block == nil {
+ return nil, nil, errors.New("pem.Decode")
+ }
+
 caPrivKey, err := x509.ParsePKCS8PrivateKey(block.Bytes)
 if err != nil {
 return nil, nil, fmt.Errorf("x509.ParsePKCS8PrivateKey: %s", err)
diff --git a/internal/cert/client_cert_test.go b/internal/cert/client_cert_test.go
index 208a479..9b5ef37 100644
--- a/internal/cert/client_cert_test.go
+++ b/internal/cert/client_cert_test.go
@@ -1,18 +1,36 @@
 package cert
 import (
- "crypto/x509"
 "testing"
 "github.com/stretchr/testify/require"
- "gitlab.com/urkob/go-cert-gen/pkg/client"
 )
 func Test_newClientCert(t *testing.T) {
- var config *client.ClientCertConfig
- var rootCA *x509.Certificate
- var rootKeyPEM []byte
-
- _, _, err := newClientCert(config, rootCA, rootKeyPEM)
+ ca, err := NewRootCA(&rootTestConfig)
 require.NoError(t, err)
+ require.NotNil(t, ca)
+
+ require.NotNil(t, ca.Key())
+ require.Greater(t, len(ca.Key()), 0)
+
+ require.NotNil(t, ca.PEM())
+ require.Greater(t, len(ca.PEM()), 0)
+
+ x509RootCA, err := parseCertificate(ca.PEM())
+ require.NoError(t, err)
+
+ pem, key, err := newClientCert(&clientTestConfig, x509RootCA, ca.Key())
+ require.NoError(t, err)
+
+ require.NotNil(t, pem)
+ require.Greater(t, len(pem), 0)
+
+ require.NotNil(t, key)
+ require.Greater(t, len(key), 0)
+}
+
+func Test_newClientCertErrr(t *testing.T) {
+ _, _, err := newClientCert(&clientTestConfig, nil, []byte{})
+ require.Error(t, err)
 }
diff --git a/internal/cert/root_ca.go b/internal/cert/root_ca.go
index 55b02f9..4a5bf7e 100644
--- a/internal/cert/root_ca.go
+++ b/internal/cert/root_ca.go
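Review bot: The new guard's message `errors.New("pem.Decode")` names only the call, not what went wrong, and it still accepts any PEM block regardless of label, so a root CA certificate or an `EC PRIVATE KEY` block handed in as the key only fails later with a confusing ParsePKCS8PrivateKey error. Suggest `if block == nil || block.Type != "PRIVATE KEY" {` with `return nil, nil, errors.New("pem.Decode: root key PEM has no PRIVATE KEY block")`, assuming encodePrivateKey emits a PKCS#8 block under that label (its body is not in the diff). newRootCA gains a nil guard for its config in this same commit, but newClientCert still has none for `config` or `rootCA`, and the new error test only reaches the pem path because it passes an empty key; a nil `rootCA` with a valid key is presumably dereferenced further down. newClientCert continues beyond the hunk.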
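Review bot: `Test_newClientCertErrr` carries a typo in its name, and its single case (nil rootCA plus an empty key) can only exercise the pem.Decode nil check, so the nil-CA handling is never observed. `Test_newClientCertError`, matching `Test_encodePrivateKeyError` in root_ca_test.go, fixes the name, and a second case such as `_, _, err = newClientCert(&clientTestConfig, nil, ca.Key())` with a key obtained from NewRootCA would pin the nil-CA behaviour on its own. In the happy-path test the NotNil/Greater pair is repeated four times; `require.NotEmpty(t, pem)` states the same in one line each.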
@@ -8,6 +8,7 @@ import (
 "crypto/x509"
 "crypto/x509/pkix"
 "encoding/pem"
+ "errors"
 "fmt"
 "time"
@@ -52,6 +53,9 @@ func (r *rootCA) WithClientCert(config *client.ClientCertConfig) (client.ClientC
 // Create a self-signed certificate.
 func newRootCA(config *ca.CaConfig) ([]byte, []byte, error) {
+ if config == nil {
+ return nil, nil, errors.New("ca.CaConfig config is nil")
+ }
 priv, err := newPrivateKey()
 if err != nil {
 return nil, nil, fmt.Errorf("newPrivateKey: %s", err)
diff --git a/internal/cert/root_ca_test.go b/internal/cert/root_ca_test.go
index 3f2612a..7de3e1d 100644
--- a/internal/cert/root_ca_test.go
+++ b/internal/cert/root_ca_test.go
@@ -1,6 +1,7 @@
 package cert
 import (
+ "crypto/ecdsa"
 "crypto/elliptic"
 "crypto/x509"
 "math/big"
@@ -52,7 +53,7 @@ func Test_newPrivateKey(t *testing.T) {
 require.NoError(t, err)
 require.NotEmpty(t, privKey.PublicKey.Params().Name)
- require.Equal(t, elliptic.P256(), privKey.PublicKey.Params().Name)
+ require.Equal(t, elliptic.P256().Params().Name, privKey.PublicKey.Params().Name)
 }
 func Test_encodePrivateKey(t *testing.T) {
@@ -66,6 +67,12 @@ func Test_encodePrivateKey(t *testing.T) {
 require.Greater(t, len(bytes), 0)
 }
+func Test_encodePrivateKeyError(t *testing.T) {
+ key := ecdsa.PrivateKey{}
+ _, err := encodePrivateKey(&key)
+ require.Error(t, err)
+}
+
 func Test_newRootCA(t *testing.T) {
 caPEM, keyPEM, err := newRootCA(&rootTestConfig)
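Review bot: The repaired assertion in Test_newPrivateKey compares curve names rather than curves, so it passes for any curve whose Params().Name reads "P-256" and leaves the preceding `require.NotEmpty` redundant. `require.Equal(t, elliptic.P256(), privKey.PublicKey.Curve)` checks the curve identity directly and can replace both lines. Test_newPrivateKey starts before the hunk.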
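Review bot: Test_encodePrivateKeyError relies on an undocumented property of the zero-value `ecdsa.PrivateKey` — its Curve is nil, which is presumably what makes encodePrivateKey fail — so a reader cannot tell which failure the test pins. A comment above `key := ecdsa.PrivateKey{}` such as `// zero-value key has no curve, so PKCS#8 encoding must be rejected` would make the intent explicit; encodePrivateKey's body is outside the diff, so the exact error path is inferred.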
@@ -88,12 +95,22 @@ func Test_parseCertificate(t *testing.T) {
 require.Equal(t, rootCert.Issuer.CommonName, rootTestConfig.Subject.CommonName)
 }
+func Test_parseCertificateError(t *testing.T) {
+ _, err := parseCertificate([]byte{})
+ require.Error(t, err)
+}
+
 func TestNewRootCA(t *testing.T) {
 rootCert, err := NewRootCA(&rootTestConfig)
 require.NoError(t, err)
 require.NotNil(t, rootCert)
 }
+func TestNewRootCAERror(t *testing.T) {
+ _, err := NewRootCA(nil)
+ require.Error(t, err)
+}
+
 func Test_rootCA_WithClientCert(t *testing.T) {
 rootCert, err := NewRootCA(&rootTestConfig)
 require.NoError(t, err)
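Review bot: `TestNewRootCAERror` has a typo in its name; `TestNewRootCAError` follows the `Test_parseCertificateError` and `Test_encodePrivateKeyError` spelling added in the same commit. Test_parseCertificateError covers only empty input; a second case passing a key PEM (for example `ca.Key()` from a NewRootCA call) would also confirm that parseCertificate rejects a PEM block of the wrong type and not only the absence of one. Test_parseCertificate begins before the hunk.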