package credentials
import (
"errors"
"log"
"os"
"os/exec"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
// Scratch directory and the fixture files the tests create inside it.
var (
	testDir          = "testDir"
	testCert         = testDir + "/testCert.pem"
	testCertKey      = testDir + "/testCertKey.pem"
	testCertKeyError = testDir + "/testKeyError.pem"
	testKeyError     = testDir + "/error-key.pem"
	testCertScript   = testDir + "/certScript.sh"
)

// testKeyPass is the passphrase handed to CredentialsFromKeyWithPasswd for the
// generated key. The openssl scripts below spell the same value out literally
// ("pass:test"), so the two must be changed together.
var testKeyPass = "test"

// Shell scripts that generate the throwaway key and certificate fixtures.
var (
	// generateKeyScript writes an RSA private key to testCertKey, encrypted
	// with the passphrase "test" using 3DES (-des3).
	generateKeyScript = `#!/bin/bash
openssl genpkey -out ./` + testCertKey + ` -algorithm RSA -pass pass:test -des3`

	// generateCertScript issues a self-signed (-x509) certificate for
	// www.example.com into testCert, signed with the key at testCertKey.
	generateCertScript = `#!/bin/bash
openssl req -new -sha256 -key ./` + testCertKey + ` -passin pass:test -out ./` + testCert + ` -nodes -x509 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com"`
)

// Hard-coded PEM fixtures for the error-path test. Both are test-only key
// material.
var (
	// certKeyOk is an unencrypted "PRIVATE KEY" PEM block; the error test
	// expects it to be rejected when a passphrase is supplied.
	certKeyOk = `-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgP+sX5Fn7WhQgAt1l
nL3YaX0RPuJFf058/r90mO/xViyhRANCAAT3qOUKYwgSbBSVAMkC14/kZAQWZIef
+SnO6GvOjMU8dcchboisMujVQRksfgJUsBZmfquh93BnkYqkSzlD+dIE
-----END PRIVATE KEY-----`

	// certKeyError is a "PRIVATE KEY" PEM block whose last base64 line is
	// shorter than in certKeyOk; presumably deliberately malformed so that
	// parsing fails.
	certKeyError = `-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgFrBUnTIIrSbRBZpX
j3TlomgnCQFe6JUVBO0fyRQMk1qhRANCAASTLZ8S8rWSmraKWNdM6N3pWPuATi92
yQuhZ6P2JaLnfmYemIOprHeRSqTqWy4+kus3b4LxPEzu86/248d7d
-----END PRIVATE KEY-----`
)
// createTestDir makes sure the scratch directory testDir exists, creating any
// missing parents. The requested mode is 0o770: full access for owner and
// group, none for others.
func createTestDir() error {
	const dirPerm os.FileMode = 0o770
	return os.MkdirAll(testDir, dirPerm)
}
// deleteTestDir removes the scratch directory testDir together with every
// fixture inside it. os.RemoveAll reports no error when the path is already
// absent, so the call is safe before the directory has been created.
func deleteTestDir() error {
	if err := os.RemoveAll(testDir); err != nil {
		return err
	}
	return nil
}
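// createEncryptedKeyFile writes generateKeyScript to testCertScript and runs
// it with bash, which has openssl generate the passphrase-protected private
// key at testCertKey.
//
// It returns an error when the script cannot be written or when bash exits
// unsuccessfully; in the latter case the error text carries the exec error
// followed by the script's combined stdout/stderr.
func createEncryptedKeyFile() error {
	// The third argument must carry permission bits. os.ModeAppend has none,
	// so on Unix the script was created with mode 0000 and an unprivileged
	// bash could not read it back. 0o600 keeps the script, which embeds the
	// key passphrase, readable and writable by its owner only.
	if err := os.WriteFile(testCertScript, []byte(generateKeyScript), 0o600); err != nil {
		// Log and return rather than log.Fatalln: exiting the process here
		// would skip the caller's cleanup and leave key fixtures on disk.
		log.Println("os.WriteFile: ", err)
		return err
	}

	out, err := exec.Command("bash", testCertScript).CombinedOutput()
	if err != nil {
		// Keep err in the message: the captured output alone is empty when
		// bash itself cannot be started.
		return errors.New(err.Error() + ": " + string(out))
	}
	return nil
}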
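// createCertificateFromKeyFile writes generateCertScript to testCertScript and
// runs it with bash, which has openssl issue a self-signed certificate at
// testCert from the key at testCertKey.
//
// It returns an error when the script cannot be written or when bash exits
// unsuccessfully; in the latter case the error text carries the exec error
// followed by the script's combined stdout/stderr.
func createCertificateFromKeyFile() error {
	// The third argument must carry permission bits. os.ModeAppend has none,
	// so a freshly created script would get mode 0000 on Unix and an
	// unprivileged bash could not read it. 0o600 keeps the script, which
	// embeds the key passphrase, readable and writable by its owner only.
	if err := os.WriteFile(testCertScript, []byte(generateCertScript), 0o600); err != nil {
		// Log and return rather than log.Fatalln: exiting the process here
		// would skip the caller's cleanup and leave key fixtures on disk.
		log.Println("os.WriteFile: ", err)
		return err
	}

	out, err := exec.Command("bash", testCertScript).CombinedOutput()
	if err != nil {
		// Keep err in the message: the captured output alone is empty when
		// bash itself cannot be started.
		return errors.New(err.Error() + ": " + string(out))
	}
	return nil
}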
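// TestCredentialsFromKeyWithPasswd generates a passphrase-protected key and a
// matching self-signed certificate with openssl, then checks that
// CredentialsFromKeyWithPasswd accepts the pair with the right passphrase and
// rejects it with a wrong one.
func TestCredentialsFromKeyWithPasswd(t *testing.T) {
	require.NoError(t, deleteTestDir())
	require.NoError(t, createTestDir())
	// Registered before any fixture is generated, so the directory holding
	// the key material is removed even when a later require aborts the test.
	// assert is used because the cleanup only needs to record the failure.
	t.Cleanup(func() {
		assert.NoError(t, deleteTestDir())
	})

	require.NoError(t, createEncryptedKeyFile())
	require.NoError(t, createCertificateFromKeyFile())

	_, err := CredentialsFromKeyWithPasswd(testCert, testCertKey, testKeyPass)
	assert.NoError(t, err, "key with password should not fail")

	// The failure message used to say "should not fail" although the
	// assertion expects an error.
	_, err = CredentialsFromKeyWithPasswd(testCert, testCertKey, "wrong-pass")
	assert.Error(t, err, "key with wrong password should fail")
}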
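// TestCredentialsFromKeyWithPasswdError walks CredentialsFromKeyWithPasswd
// through inputs that must all be rejected: empty paths, a missing key file,
// an empty key file, a malformed PEM key, an unencrypted key and, last, an
// encrypted key without a certificate on disk.
//
// NOTE(review): testCert is never generated in this test, so every call that
// passes it may fail on the missing certificate before the key is examined.
// Confirm against CredentialsFromKeyWithPasswd that each case fails for the
// reason it is meant to cover.
func TestCredentialsFromKeyWithPasswdError(t *testing.T) {
	// Owner-only permissions for the key fixtures. The previous argument,
	// os.ModeAppend, has no permission bits: on Unix the files were created
	// with mode 0000, so an unprivileged run could fail on opening the key
	// and satisfy assert.Error before the key contents were parsed.
	const fixturePerm = 0o600

	require.NoError(t, deleteTestDir())
	require.NoError(t, createTestDir())
	// Registered right after the directory exists, so the key fixtures are
	// removed even when a later require aborts the test.
	t.Cleanup(func() {
		assert.NoError(t, deleteTestDir())
	})

	// Empty certificate and key paths.
	_, err := CredentialsFromKeyWithPasswd("", "", "")
	assert.Error(t, err)

	// Empty key path.
	_, err = CredentialsFromKeyWithPasswd(testCert, "", "")
	assert.Error(t, err)

	// Key path that does not exist.
	_, err = CredentialsFromKeyWithPasswd(testCert, "not-exists.txt", "")
	assert.Error(t, err)

	// Key file that exists but is empty.
	require.NoError(t, os.WriteFile(testKeyError, []byte(""), fixturePerm))
	_, err = CredentialsFromKeyWithPasswd(testCert, testKeyError, testKeyPass)
	require.Error(t, err)

	// Malformed PEM key.
	require.NoError(t, os.WriteFile(testCertKeyError, []byte(certKeyError), fixturePerm))
	_, err = CredentialsFromKeyWithPasswd(testCert, testCertKeyError, testKeyPass)
	assert.Error(t, err)

	// Unencrypted key presented together with a passphrase.
	require.NoError(t, os.Remove(testCertKeyError))
	assert.NoError(t, os.WriteFile(testCertKeyError, []byte(certKeyOk), fixturePerm))
	_, err = CredentialsFromKeyWithPasswd(testCert, testCertKeyError, testKeyPass)
	assert.Error(t, err, "key without password should fail")

	// NOTE(review): this key is encrypted and the passphrase is correct, so
	// the expected error presumably comes from the absent testCert; the
	// message below looks copied from the previous case. Confirm the intent.
	require.NoError(t, createEncryptedKeyFile())
	_, err = CredentialsFromKeyWithPasswd(testCert, testCertKey, testKeyPass)
	assert.Error(t, err, "key without password should fail")
}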