feat: add tests

3 months ago · ef2112534c
parent 8d9c1542dd
commit ef2112534c
6 changed files with 275 additions and 115 deletions
--- a/9
+++ b/9
@ -1,6 +1,13 @@
+COVERAGE_DIR=coverage
+
 lint:
 	golangci-lint run ./...
 goreportcard:
 	goreportcard-cli -v
 test: 
-	go test ./...
+	go test ./...
+test-coverage:
+	rm -rf ${COVERAGE_DIR}
+	mkdir ${COVERAGE_DIR}
+	go test -v -coverprofile ${COVERAGE_DIR}/cover.out ./...
+	go tool cover -html ${COVERAGE_DIR}/cover.out -o ${COVERAGE_DIR}/cover.html
--- a/go.mod
+++ b/go.mod
@ -7,15 +7,18 @@ require (
 	github.com/kelseyhightower/envconfig v1.4.0
 	github.com/spf13/cobra v1.6.1
 	github.com/spf13/viper v1.15.0
+	github.com/stretchr/testify v1.8.1
 )

 require (
+	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/fsnotify/fsnotify v1.6.0 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/pelletier/go-toml/v2 v2.0.6 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/spf13/afero v1.9.3 // indirect
 	github.com/spf13/cast v1.5.0 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
--- a/internal/cert/client_cert.go
+++ b/internal/cert/client_cert.go
@ -0,0 +1,75 @@
+package cert
+
+import (
+	"bytes"
+	"crypto/rand"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"encoding/pem"
+	"fmt"
+	"time"
+
+	"gitlab.com/urkob/go-cert-gen/pkg/client"
+)
+
+type clientCert struct {
+	certPEM []byte
+	keyPEM  []byte
+}
+
+func (c *clientCert) Key() []byte {
+	return c.keyPEM
+}
+
+func (c *clientCert) PEM() []byte {
+	return c.certPEM
+}
+
+func newClientCert(config *client.ClientCertConfig, rootCA *x509.Certificate, rootKeyPEM []byte) ([]byte, []byte, error) {
+	template := &x509.Certificate{
+		SerialNumber: config.Serial,
+		Subject: pkix.Name{
+			Organization:  []string{config.Subject.Organization},
+			Country:       []string{config.Subject.Country},
+			Province:      []string{config.Subject.Province},
+			Locality:      []string{config.Subject.Locality},
+			StreetAddress: []string{config.Subject.StreetAddress},
+			PostalCode:    []string{config.Subject.PostalCode},
+		},
+		NotBefore:    time.Now(),
+		NotAfter:     time.Now().Add(config.Duration),
+		SubjectKeyId: config.SubjectKeyId,
+		ExtKeyUsage:  config.ExtKeyUsage,
+		KeyUsage:     config.KeyUsage,
+	}
+
+	block, _ := pem.Decode(rootKeyPEM)
+	caPrivKey, err := x509.ParsePKCS8PrivateKey(block.Bytes)
+	if err != nil {
+		return nil, nil, fmt.Errorf("x509.ParsePKCS8PrivateKey: %s", err)
+	}
+
+	priv, err := newPrivateKey()
+	if err != nil {
+		return nil, nil, fmt.Errorf("newPrivateKey: %s", err)
+	}
+
+	der, err := x509.CreateCertificate(rand.Reader, template, rootCA, &priv.PublicKey, caPrivKey)
+	if err != nil {
+		return nil, nil, fmt.Errorf("x509.CreateCertificate: %s", err)
+	}
+
+	out := &bytes.Buffer{}
+	err = pem.Encode(out, &pem.Block{Type: CERTIFICATE, Bytes: der})
+	if err != nil {
+		return nil, nil, fmt.Errorf("pem.Encode: %s", err)
+	}
+
+	certPEM := out.Bytes()
+	keyPEM, err := encodePrivateKey(priv)
+	if err != nil {
+		return nil, nil, fmt.Errorf("encodePrivateKey: %s", err)
+	}
+
+	return certPEM, keyPEM, nil
+}
--- a/internal/cert/client_cert_test.go
+++ b/internal/cert/client_cert_test.go
@ -0,0 +1,18 @@
+package cert
+
+import (
+	"crypto/x509"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+	"gitlab.com/urkob/go-cert-gen/pkg/client"
+)
+
+func Test_newClientCert(t *testing.T) {
+	var config *client.ClientCertConfig
+	var rootCA *x509.Certificate
+	var rootKeyPEM []byte
+
+	_, _, err := newClientCert(config, rootCA, rootKeyPEM)
+	require.NoError(t, err)
+}
--- a/internal/cert/root_ca.go
+++ b/internal/cert/root_ca.go
@ -9,49 +9,45 @@ import (
 	"crypto/x509/pkix"
 	"encoding/pem"
 	"fmt"
-	"log"
 	"time"

 	"gitlab.com/urkob/go-cert-gen/pkg/ca"
-
 	"gitlab.com/urkob/go-cert-gen/pkg/client"
 )

-// Creates a new 512bit private key.
-func newPrivateKey() (*ecdsa.PrivateKey, error) {
-	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
-	if err != nil {
-		return nil, fmt.Errorf("ecdsa: %s", err)
-	}
+const (
+	CERTIFICATE = "CERTIFICATE"
+	PRIVATE_KEY = "PRIVATE KEY"
+)

-	return priv, nil
+type rootCA struct {
+	caPEM  []byte
+	keyPEM []byte
 }

-// Parse a text PEM file into a x509 cert.
-func parseCertificate(data []byte) (*x509.Certificate, error) {
-	block, _ := pem.Decode(data)
-	if block == nil {
-		return nil, fmt.Errorf("parseCertificate (pem.Decode)")
-	}
-	cert, err := x509.ParseCertificate(block.Bytes)
+func (r *rootCA) Key() []byte {
+	return r.keyPEM
+}
+
+func (r *rootCA) PEM() []byte {
+	return r.caPEM
+}
+
+func (r *rootCA) WithClientCert(config *client.ClientCertConfig) (client.ClientCertIface, error) {
+	x509RootCA, err := parseCertificate(r.caPEM)
 	if err != nil {
-		return nil, fmt.Errorf("parseCertificate: %w", err)
+		return nil, fmt.Errorf("parseCertificate: %s", err)
 	}
-	return cert, nil
-}

-// Encodes a private key into PEM.
-func encodePrivateKey(priv *ecdsa.PrivateKey) ([]byte, error) {
-	out := &bytes.Buffer{}
-	privBytes, err := x509.MarshalPKCS8PrivateKey(priv)
+	clientCertPEM, clientKeyPEM, err := newClientCert(config, x509RootCA, r.keyPEM)
 	if err != nil {
-		return nil, fmt.Errorf("marshal: %s", err)
+		return nil, fmt.Errorf("newClientCert: %s", err)
 	}
-	err = pem.Encode(out, &pem.Block{
-		Type:  "PRIVATE KEY",
-		Bytes: privBytes,
-	})
-	return out.Bytes(), err
+
+	return &clientCert{
+		certPEM: clientCertPEM,
+		keyPEM:  clientKeyPEM,
+	}, nil
 }

 // Create a self-signed certificate.
@ -80,7 +76,7 @@ func newRootCA(config *ca.CaConfig) ([]byte, []byte, error) {
 	}

 	out := &bytes.Buffer{}
-	err = pem.Encode(out, &pem.Block{Type: "CERTIFICATE", Bytes: der})
+	err = pem.Encode(out, &pem.Block{Type: CERTIFICATE, Bytes: der})
 	if err != nil {
 		return nil, nil, fmt.Errorf("pem.Encode: %s", err)
 	}
@ -94,106 +90,56 @@ func newRootCA(config *ca.CaConfig) ([]byte, []byte, error) {
 	return caPEM, keyPEM, nil
 }

-func newClientCert(config *client.ClientCertConfig, rootCA *x509.Certificate, rootKeyPEM []byte) ([]byte, []byte, error) {
-	template := &x509.Certificate{
-		SerialNumber: config.Serial,
-		Subject: pkix.Name{
-			Organization:  []string{config.Subject.Organization},
-			Country:       []string{config.Subject.Country},
-			Province:      []string{config.Subject.Province},
-			Locality:      []string{config.Subject.Locality},
-			StreetAddress: []string{config.Subject.StreetAddress},
-			PostalCode:    []string{config.Subject.PostalCode},
-		},
-		NotBefore:    time.Now(),
-		NotAfter:     time.Now().Add(config.Duration),
-		SubjectKeyId: config.SubjectKeyId,
-		ExtKeyUsage:  config.ExtKeyUsage,
-		KeyUsage:     config.KeyUsage,
-	}
-
-	block, _ := pem.Decode(rootKeyPEM)
-	caPrivKey, err := x509.ParsePKCS8PrivateKey(block.Bytes)
-	if err != nil {
-		log.Fatalf("x509.ParsePKCS8PrivateKey: %s", err)
-	}
-
-	priv, err := newPrivateKey()
-	if err != nil {
-		return nil, nil, fmt.Errorf("newPrivateKey: %s", err)
-	}
-
-	der, err := x509.CreateCertificate(rand.Reader, template, rootCA, &priv.PublicKey, caPrivKey)
+func NewRootCA(config *ca.CaConfig) (ca.RootCACertificateIface, error) {
+	caPEM, keyPEM, err := newRootCA(config)
 	if err != nil {
-		return nil, nil, fmt.Errorf("x509.CreateCertificate: %s", err)
+		return nil, fmt.Errorf("newRootCA: %s", err)
 	}

-	out := &bytes.Buffer{}
-	err = pem.Encode(out, &pem.Block{Type: "CERTIFICATE", Bytes: der})
-	if err != nil {
-		return nil, nil, fmt.Errorf("pem.Encode: %s", err)
-	}
+	return &rootCA{
+		caPEM:  caPEM,
+		keyPEM: keyPEM,
+	}, nil
+}

-	certPEM := out.Bytes()
-	keyPEM, err := encodePrivateKey(priv)
+// Creates a new 512bit private key.
+func newPrivateKey() (*ecdsa.PrivateKey, error) {
+	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
 	if err != nil {
-		return nil, nil, fmt.Errorf("encodePrivateKey: %s", err)
+		return nil, fmt.Errorf("ecdsa: %s", err)
 	}

-	return certPEM, keyPEM, nil
-}
-
-type rootCA struct {
-	caPEM  []byte
-	keyPEM []byte
-}
-
-type clientCert struct {
-	certPEM []byte
-	keyPEM  []byte
-}
-
-func (c *clientCert) Key() []byte {
-	return c.keyPEM
-}
-
-func (c *clientCert) PEM() []byte {
-	return c.certPEM
+	return priv, nil
 }

-func (r *rootCA) WithClientCert(config *client.ClientCertConfig) (client.ClientCertIface, error) {
-	x509RootCA, err := parseCertificate(r.caPEM)
-	if err != nil {
-		return nil, fmt.Errorf("parseCertificate: %s", err)
+// Parse a text PEM file into a x509 cert.
+func parseCertificate(data []byte) (*x509.Certificate, error) {
+	block, _ := pem.Decode(data)
+	if block == nil {
+		return nil, fmt.Errorf("parseCertificate (pem.Decode)")
 	}
-
-	clientCertPEM, clientKeyPEM, err := newClientCert(config, x509RootCA, r.keyPEM)
+	cert, err := x509.ParseCertificate(block.Bytes)
 	if err != nil {
-		return nil, fmt.Errorf("newClientCert: %s", err)
+		return nil, fmt.Errorf("parseCertificate: %w", err)
 	}
-
-	return &clientCert{
-		certPEM: clientCertPEM,
-		keyPEM:  clientKeyPEM,
-	}, nil
-}
-
-func (r *rootCA) Key() []byte {
-	return r.keyPEM
+	return cert, nil
 }

-func (r *rootCA) PEM() []byte {
-	return r.caPEM
-}
+// Encodes a private key into PEM.
+func encodePrivateKey(priv *ecdsa.PrivateKey) ([]byte, error) {
+	out := &bytes.Buffer{}
+	privBytes, err := x509.MarshalPKCS8PrivateKey(priv)
+	if err != nil {
+		return nil, fmt.Errorf("x509.MarshalPKCS8PrivateKey: %s", err)
+	}

-func NewRootCA(config *ca.CaConfig) (ca.RootCACertificateIface, error) {
-	caPEM, keyPEM, err := newRootCA(config)
+	err = pem.Encode(out, &pem.Block{
+		Type:  PRIVATE_KEY,
+		Bytes: privBytes,
+	})
 	if err != nil {
-		return nil, fmt.Errorf("newRootCA: %s", err)
+		return nil, err
 	}

-	return &rootCA{
-		caPEM:  caPEM,
-		keyPEM: keyPEM,
-	}, nil
+	return out.Bytes(), nil
 }
--- a/internal/cert/root_ca_test.go
+++ b/internal/cert/root_ca_test.go
@ -0,0 +1,111 @@
+package cert
+
+import (
+	"crypto/elliptic"
+	"crypto/x509"
+	"math/big"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/require"
+	"gitlab.com/urkob/go-cert-gen/pkg/ca"
+	"gitlab.com/urkob/go-cert-gen/pkg/client"
+)
+
+const year = time.Hour * 24 * 365
+
+var rootTestConfig = ca.CaConfig{
+	SerialNumber: big.NewInt(12321),
+	Subject: ca.CaSubject{
+		Organization: "test-organization",
+		CommonName:   "test-organization",
+	},
+	KeyUsage: x509.KeyUsageDigitalSignature,
+	ExtKeyUsage: []x509.ExtKeyUsage{
+		x509.ExtKeyUsageServerAuth,
+		x509.ExtKeyUsageClientAuth,
+	},
+	Duration: year,
+}
+
+var clientTestConfig = client.ClientCertConfig{
+	Serial: big.NewInt(12321),
+	Subject: client.Subject{
+		Organization:  rootTestConfig.Subject.Organization,
+		Country:       "REML",
+		Province:      "REML",
+		Locality:      "REML",
+		StreetAddress: "c/o Sovereign 7 rural free delivery",
+		PostalCode:    "[Near 777]",
+	},
+	Duration:     year,
+	SubjectKeyId: []byte{1, 2, 3, 4, 6},
+	ExtKeyUsage: []x509.ExtKeyUsage{
+		x509.ExtKeyUsageServerAuth,
+		x509.ExtKeyUsageClientAuth,
+	},
+	KeyUsage: x509.KeyUsageDigitalSignature,
+}
+
+func Test_newPrivateKey(t *testing.T) {
+	privKey, err := newPrivateKey()
+	require.NoError(t, err)
+
+	require.NotEmpty(t, privKey.PublicKey.Params().Name)
+	require.Equal(t, elliptic.P256(), privKey.PublicKey.Params().Name)
+}
+
+func Test_encodePrivateKey(t *testing.T) {
+	privKey, err := newPrivateKey()
+	require.NoError(t, err)
+
+	bytes, err := encodePrivateKey(privKey)
+	require.NoError(t, err)
+
+	require.NotNil(t, bytes)
+	require.Greater(t, len(bytes), 0)
+}
+
+func Test_newRootCA(t *testing.T) {
+	caPEM, keyPEM, err := newRootCA(&rootTestConfig)
+
+	require.NoError(t, err)
+	require.NotNil(t, caPEM)
+	require.Greater(t, len(caPEM), 0)
+	require.NotNil(t, keyPEM)
+	require.Greater(t, len(keyPEM), 0)
+}
+
+func Test_parseCertificate(t *testing.T) {
+	caPEM, _, err := newRootCA(&rootTestConfig)
+	require.NoError(t, err)
+
+	rootCert, err := parseCertificate(caPEM)
+	require.NoError(t, err)
+	require.NotNil(t, rootCert)
+	require.Equal(t, rootCert.SignatureAlgorithm, x509.ECDSAWithSHA256)
+	require.Equal(t, rootCert.Issuer.Organization, []string{rootTestConfig.Subject.Organization})
+	require.Equal(t, rootCert.Issuer.CommonName, rootTestConfig.Subject.CommonName)
+}
+
+func TestNewRootCA(t *testing.T) {
+	rootCert, err := NewRootCA(&rootTestConfig)
+	require.NoError(t, err)
+	require.NotNil(t, rootCert)
+}
+
+func Test_rootCA_WithClientCert(t *testing.T) {
+	rootCert, err := NewRootCA(&rootTestConfig)
+	require.NoError(t, err)
+	require.NotNil(t, rootCert)
+
+	clientSrv, err := rootCert.WithClientCert(&clientTestConfig)
+	require.NoError(t, err)
+	require.NotNil(t, clientSrv)
+
+	require.NotNil(t, clientSrv.Key())
+	require.Greater(t, len(clientSrv.Key()), 0)
+
+	require.NotNil(t, clientSrv.PEM())
+	require.Greater(t, len(clientSrv.PEM()), 0)
+}