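package cert

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/x509"
	"math/big"
	"testing"
	"time"

	"github.com/stretchr/testify/require"
	"gitlab.com/urkob/go-cert-gen/pkg/ca"
	"gitlab.com/urkob/go-cert-gen/pkg/client"
)

// year is the validity period used for every certificate minted in these tests.
const year = time.Hour * 24 * 365

const (
	// rootSerial and clientSerial must differ. The client certificate is issued
	// by the root, so both certificates share an issuer name, and RFC 5280
	// §4.1.2.2 requires serial numbers to be unique per issuer. Reusing one
	// value for both (as these tests originally did) makes the two certificates
	// indistinguishable to anything keyed on (issuer, serial), such as CRL
	// entries and OCSP requests.
	rootSerial   = 12321
	clientSerial = 12322
)

// rootTestConfig describes the self-signed root CA the tests build.
//
// KeyUsageCertSign is what permits this key to sign other certificates:
// RFC 5280 §4.2.1.3 says a key without that bit MUST NOT be used to verify
// certificate signatures, and crypto/x509 enforces that in CheckSignatureFrom
// and Verify. KeyUsageCRLSign is included so the same root can sign revocation
// lists. DigitalSignature on its own is an end-entity key usage, not a CA one.
var rootTestConfig = ca.CaConfig{
	SerialNumber: big.NewInt(rootSerial),
	Subject: ca.CaSubject{
		Organization: "test-organization",
		CommonName:   "test-organization",
	},
	KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	ExtKeyUsage: []x509.ExtKeyUsage{
		x509.ExtKeyUsageServerAuth,
		x509.ExtKeyUsageClientAuth,
	},
	Duration: year,
}

// clientTestConfig describes an end-entity certificate issued by the root.
// Its organization matches the root's so issuer/subject assertions can be
// written against rootTestConfig; the remaining subject fields are filler.
var clientTestConfig = client.ClientCertConfig{
	Serial: big.NewInt(clientSerial),
	Subject: client.Subject{
		Organization:  rootTestConfig.Subject.Organization,
		Country:       "REML",
		Province:      "REML",
		Locality:      "REML",
		StreetAddress: "c/o Sovereign 7 rural free delivery",
		PostalCode:    "[Near 777]",
	},
	Duration:     year,
	SubjectKeyId: []byte{1, 2, 3, 4, 6},
	ExtKeyUsage: []x509.ExtKeyUsage{
		x509.ExtKeyUsageServerAuth,
		x509.ExtKeyUsageClientAuth,
	},
	KeyUsage: x509.KeyUsageDigitalSignature,
}

// Test_newPrivateKey checks that freshly generated keys live on P-256.
func Test_newPrivateKey(t *testing.T) {
	privKey, err := newPrivateKey()
	require.NoError(t, err)
	require.NotNil(t, privKey)
	require.Equal(t, elliptic.P256().Params().Name, privKey.PublicKey.Params().Name)
}

// Test_encodePrivateKey checks that a valid key serialises to a non-empty blob.
func Test_encodePrivateKey(t *testing.T) {
	privKey, err := newPrivateKey()
	require.NoError(t, err)

	encoded, err := encodePrivateKey(privKey)
	require.NoError(t, err)
	require.NotEmpty(t, encoded)
}

// Test_encodePrivateKeyError checks that a zero-valued key (no curve, no
// scalar) is rejected instead of being serialised into something that looks
// like key material.
func Test_encodePrivateKeyError(t *testing.T) {
	var key ecdsa.PrivateKey
	_, err := encodePrivateKey(&key)
	require.Error(t, err)
}

// Test_newRootCA checks that the low-level constructor yields both a
// certificate and a key blob.
func Test_newRootCA(t *testing.T) {
	caPEM, keyPEM, err := newRootCA(&rootTestConfig)
	require.NoError(t, err)
	require.NotEmpty(t, caPEM)
	require.NotEmpty(t, keyPEM)
}

// Test_parseCertificate checks that the generated root parses back into a
// certificate that is actually usable as a trust anchor, not just one that
// carries the configured names.
func Test_parseCertificate(t *testing.T) {
	caPEM, _, err := newRootCA(&rootTestConfig)
	require.NoError(t, err)

	rootCert, err := parseCertificate(caPEM)
	require.NoError(t, err)
	require.NotNil(t, rootCert)

	// testify's Equal takes (expected, actual); keep that order so failure
	// output reads correctly.
	require.Equal(t, x509.ECDSAWithSHA256, rootCert.SignatureAlgorithm)
	require.Equal(t, []string{rootTestConfig.Subject.Organization}, rootCert.Issuer.Organization)
	require.Equal(t, rootTestConfig.Subject.CommonName, rootCert.Issuer.CommonName)

	// A root is self-issued: subject and issuer must be the same name.
	require.Equal(t, rootCert.Subject.String(), rootCert.Issuer.String())

	// crypto/x509 refuses to verify anything signed by a certificate that is not
	// cA=TRUE in basicConstraints or that lacks keyCertSign, so a failure on any
	// of these means newRootCA emits a root that strict verifiers will reject.
	require.True(t, rootCert.BasicConstraintsValid, "basicConstraints extension missing")
	require.True(t, rootCert.IsCA, "root is not flagged cA=TRUE")
	require.NotZero(t, rootCert.KeyUsage&x509.KeyUsageCertSign, "root lacks keyCertSign")
	require.NoError(t, rootCert.CheckSignatureFrom(rootCert), "root self-signature does not verify")
}

// Test_parseCertificateError checks that empty input is an error, not a nil
// certificate.
func Test_parseCertificateError(t *testing.T) {
	_, err := parseCertificate([]byte{})
	require.Error(t, err)
}

// TestNewRootCA checks the exported constructor on a valid config.
func TestNewRootCA(t *testing.T) {
	rootCert, err := NewRootCA(&rootTestConfig)
	require.NoError(t, err)
	require.NotNil(t, rootCert)
}

// TestNewRootCAError checks that a nil config is refused rather than
// dereferenced.
func TestNewRootCAError(t *testing.T) {
	_, err := NewRootCA(nil)
	require.Error(t, err)
}

// Test_rootCA_WithClientCert checks that a certificate issued from the root is
// an end-entity certificate bearing the root's name as issuer. Non-empty key
// and PEM blobs alone say nothing about what was issued.
func Test_rootCA_WithClientCert(t *testing.T) {
	rootCert, err := NewRootCA(&rootTestConfig)
	require.NoError(t, err)
	require.NotNil(t, rootCert)

	clientSrv, err := rootCert.WithClientCert(&clientTestConfig)
	require.NoError(t, err)
	require.NotNil(t, clientSrv)
	require.NotEmpty(t, clientSrv.Key())
	require.NotEmpty(t, clientSrv.PEM())

	// PEM() is assumed to hold the client certificate in the same encoding
	// parseCertificate accepts for the root — TODO confirm against the client
	// package.
	clientCert, err := parseCertificate(clientSrv.PEM())
	require.NoError(t, err)
	require.NotNil(t, clientCert)

	// Issued by the root, under the configured serial, signed with the root's
	// ECDSA key.
	require.Equal(t, []string{rootTestConfig.Subject.Organization}, clientCert.Issuer.Organization)
	require.Equal(t, rootTestConfig.Subject.CommonName, clientCert.Issuer.CommonName)
	require.Zero(t, clientTestConfig.Serial.Cmp(clientCert.SerialNumber), "serial does not match config")
	require.Equal(t, x509.ECDSAWithSHA256, clientCert.SignatureAlgorithm)
	require.Contains(t, clientCert.ExtKeyUsage, x509.ExtKeyUsageClientAuth)

	// An issued end-entity certificate must never itself be a CA; otherwise
	// anyone holding the client key could mint further certificates that chain
	// to the root.
	require.False(t, clientCert.IsCA, "client certificate is flagged cA=TRUE")

	// NOTE(review): the stronger check is a full chain validation —
	// clientCert.Verify with only the root in x509.VerifyOptions.Roots and
	// KeyUsages set to ExtKeyUsageClientAuth. That needs the root's certificate
	// PEM from the value NewRootCA returns, which this file does not show an
	// accessor for; add it once one is available.
}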