diff --git a/pkg/credentials/credentials_test.go b/pkg/credentials/credentials_test.go
new file mode 100644
index 0000000..09e5333
--- /dev/null
+++ b/pkg/credentials/credentials_test.go
@@ -0,0 +1,127 @@
+package credentials
+
+import (
+ "errors"
+ "log"
+ "os"
+ "os/exec"
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+)
+
+var (
+ testDir = "testDir"
+ testCertKeyError = testDir + "/testKeyError.pem"
+ testKeyError = testDir + "/error-key.pem"
+ testCertKey = testDir + "/testCertKey.pem"
+ testCert = testDir + "/testCert.pem"
+ testCertScript = testDir + "/certScript.sh"
+ testKeyPass = "test"
+
+ generateKeyScript = `#!/bin/bash
+ openssl genpkey -out ./` + testCertKey + ` -algorithm RSA -pass pass:test -des3`
+
+ generateCertScript = `#!/bin/bash
+ openssl req -new -sha256 -key ./` + testCertKey + ` -passin pass:test -out ./` + testCert + ` -nodes -x509 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com"`
+
+ certKeyOk = `-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgP+sX5Fn7WhQgAt1l
+nL3YaX0RPuJFf058/r90mO/xViyhRANCAAT3qOUKYwgSbBSVAMkC14/kZAQWZIef
++SnO6GvOjMU8dcchboisMujVQRksfgJUsBZmfquh93BnkYqkSzlD+dIE
+-----END PRIVATE KEY-----`
+
+ certKeyError = `-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgFrBUnTIIrSbRBZpX
+j3TlomgnCQFe6JUVBO0fyRQMk1qhRANCAASTLZ8S8rWSmraKWNdM6N3pWPuATi92
+yQuhZ6P2JaLnfmYemIOprHeRSqTqWy4+kus3b4LxPEzu86/248d7d
+-----END PRIVATE KEY-----`
+)
+
+func createTestDir() error {
+ return os.MkdirAll(testDir, 0o770)
+}
+
+func deleteTestDir() error {
+ return os.RemoveAll(testDir)
+}
+
+func createEncryptedKeyFile() error {
+ if err := os.WriteFile(testCertScript, []byte(generateKeyScript), os.ModeAppend); err != nil {
+ log.Fatalln("os.WriteFile: ", err)
+ }
+
+ cmd := exec.Command("bash", testCertScript)
+ output_bts, err := cmd.CombinedOutput()
+ if err != nil {
+ return errors.New(string(output_bts))
+ }
+ return nil
+}
+
+func createCertificateFromKeyFile() error {
+ if err := os.WriteFile(testCertScript, []byte(generateCertScript), os.ModeAppend); err != nil {
+ log.Fatalln("os.WriteFile: ", err)
+ }
+
+ cmd := exec.Command("bash", testCertScript)
+ output_bts, err := cmd.CombinedOutput()
+ if err != nil {
+ return errors.New(string(output_bts))
+ }
+ return nil
+}
+
+func TestCredentialsFromKeyWithPasswd(t *testing.T) {
+ require.NoError(t, deleteTestDir())
+ require.NoError(t, createTestDir())
+ require.NoError(t, createEncryptedKeyFile())
+ require.NoError(t, createCertificateFromKeyFile())
+
+ defer func() {
+ require.NoError(t, deleteTestDir())
+ }()
+
+ _, err := CredentialsFromKeyWithPasswd(testCert, testCertKey, testKeyPass)
+ assert.NoError(t, err, "key with password should not fail")
+
+ _, err = CredentialsFromKeyWithPasswd(testCert, testCertKey, "wrong-pass")
+ assert.Error(t, err, "key with wrong pass password should not fail")
+}
+
+func TestCredentialsFromKeyWithPasswdError(t *testing.T) {
+ require.NoError(t, deleteTestDir())
+ require.NoError(t, createTestDir())
+
+ defer func() {
+ require.NoError(t, deleteTestDir())
+ }()
+
+ _, err := CredentialsFromKeyWithPasswd("", "", "")
+ assert.Error(t, err)
+
+ _, err = CredentialsFromKeyWithPasswd(testCert, "", "")
+ assert.Error(t, err)
+
+ _, err = CredentialsFromKeyWithPasswd(testCert, "not-exists.txt", "")
+ assert.Error(t, err)
+
+ require.NoError(t, os.WriteFile(testKeyError, []byte(""), os.ModeAppend))
+
+ _, err = CredentialsFromKeyWithPasswd(testCert, testKeyError, testKeyPass)
+ require.Error(t, err)
+
+ require.NoError(t, os.WriteFile(testCertKeyError, []byte(certKeyError), os.ModeAppend))
+ _, err = CredentialsFromKeyWithPasswd(testCert, testCertKeyError, testKeyPass)
+ assert.Error(t, err)
+
+ require.NoError(t, os.Remove(testCertKeyError))
+ assert.NoError(t, os.WriteFile(testCertKeyError, []byte(certKeyOk), os.ModeAppend))
+ _, err = CredentialsFromKeyWithPasswd(testCert, testCertKeyError, testKeyPass)
+ assert.Error(t, err, "key without password should fail")
+
+ require.NoError(t, createEncryptedKeyFile())
+ _, err = CredentialsFromKeyWithPasswd(testCert, testCertKey, testKeyPass)
+ assert.Error(t, err, "key without password should fail")
+}
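Review bot: Every `os.WriteFile` call in this file passes `os.ModeAppend` as the permission argument, which carries no permission bits, so on Unix the script and key fixtures are created with mode 000. A non-root run would then be unable to have `bash` read `certScript.sh` or to rewrite it in `createCertificateFromKeyFile`, and the negative cases in `TestCredentialsFromKeyWithPasswdError` could pass on a permission error instead of on the malformed or wrongly protected key they are meant to exercise. Use an explicit owner-only mode, e.g. `os.WriteFile(testCertScript, []byte(generateKeyScript), 0o600)`, and the same for `testKeyError` and `testCertKeyError`. Separately, `testCert` is never generated in `TestCredentialsFromKeyWithPasswdError`, so the last assertion (correct password, message "key without password should fail") presumably only holds because the certificate is missing; confirm against `CredentialsFromKeyWithPasswd`.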