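package credentials

import (
	"errors"
	"os"
	"os/exec"
	"testing"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

// Fixtures shared by the tests in this file.
//
// The tests shell out to bash and openssl, so both must be on PATH.
// All key material below is throwaway test data: it is public by virtue of
// living in the repository and must never protect anything real. Secret
// scanners will flag these PEM blocks; allowlist this file rather than
// moving the keys somewhere less visible.
var (
	testDir          = "testDir"
	testCertKeyError = testDir + "/testKeyError.pem"
	testKeyError     = testDir + "/error-key.pem"
	testCertKey      = testDir + "/testCertKey.pem"
	testCert         = testDir + "/testCert.pem"
	testCertScript   = testDir + "/certScript.sh"
	testKeyPass      = "test"

	// generateKeyScript creates a passphrase-protected RSA key at testCertKey.
	// The passphrase is taken from testKeyPass so the script and the tests
	// cannot drift apart. "pass:" puts the passphrase on the openssl command
	// line, which is acceptable only because it is a fixed test value.
	// -des3 is a legacy cipher, kept because the fixture only needs to be an
	// encrypted key.
	// NOTE(review): confirm the loader under test accepts an AES-encrypted key
	// before switching the cipher.
	generateKeyScript = `#!/bin/bash
openssl genpkey -out ./` + testCertKey + ` -algorithm RSA -pass pass:` + testKeyPass + ` -des3`

	// generateCertScript issues a self-signed certificate at testCert from the
	// key written by generateKeyScript.
	generateCertScript = `#!/bin/bash
openssl req -new -sha256 -key ./` + testCertKey + ` -passin pass:` + testKeyPass + ` -out ./` + testCert + ` -nodes -x509 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com"`

	// certKeyOk is an unencrypted PEM private key ("PRIVATE KEY" label).
	certKeyOk = `-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgP+sX5Fn7WhQgAt1l
nL3YaX0RPuJFf058/r90mO/xViyhRANCAAT3qOUKYwgSbBSVAMkC14/kZAQWZIef
+SnO6GvOjMU8dcchboisMujVQRksfgJUsBZmfquh93BnkYqkSzlD+dIE
-----END PRIVATE KEY-----`

	// certKeyError has the same framing as certKeyOk, but its last base64 line
	// is shorter and appears to be deliberately malformed.
	certKeyError = `-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgFrBUnTIIrSbRBZpX
j3TlomgnCQFe6JUVBO0fyRQMk1qhRANCAASTLZ8S8rWSmraKWNdM6N3pWPuATi92
yQuhZ6P2JaLnfmYemIOprHeRSqTqWy4+kus3b4LxPEzu86/248d7d
-----END PRIVATE KEY-----`
)

// createTestDir creates the scratch directory that holds generated keys.
// It is owner-only because private key files are written into it.
func createTestDir() error {
	return os.MkdirAll(testDir, 0o700)
}

// deleteTestDir removes the scratch directory and everything in it.
func deleteTestDir() error {
	return os.RemoveAll(testDir)
}

// runFixtureScript writes script to testCertScript and runs it with bash.
// On failure the returned error carries the exec error and the combined
// stdout/stderr of the command.
func runFixtureScript(script string) error {
	// Use real permission bits. os.ModeAppend is a file-type flag with no
	// permission bits, so the file was created with mode 0000 and could only
	// be read or rewritten when the tests ran as root.
	if err := os.WriteFile(testCertScript, []byte(script), 0o600); err != nil {
		// Return instead of log.Fatalln: exiting the process here would skip
		// test cleanup and leave generated key files on disk.
		return err
	}
	out, err := exec.Command("bash", testCertScript).CombinedOutput()
	if err != nil {
		return errors.New(err.Error() + ": " + string(out))
	}
	return nil
}

// createEncryptedKeyFile generates the passphrase-protected key at testCertKey.
func createEncryptedKeyFile() error {
	return runFixtureScript(generateKeyScript)
}

// createCertificateFromKeyFile generates a self-signed certificate at testCert
// from the key at testCertKey. createEncryptedKeyFile must have run first.
func createCertificateFromKeyFile() error {
	return runFixtureScript(generateCertScript)
}

// TestCredentialsFromKeyWithPasswd checks that an encrypted key loads with the
// right passphrase and is rejected with a wrong one.
func TestCredentialsFromKeyWithPasswd(t *testing.T) {
	require.NoError(t, deleteTestDir())
	require.NoError(t, createTestDir())
	// Register cleanup before generating key material so that a failed setup
	// step still removes the directory.
	t.Cleanup(func() { assert.NoError(t, deleteTestDir()) })

	require.NoError(t, createEncryptedKeyFile())
	require.NoError(t, createCertificateFromKeyFile())

	_, err := CredentialsFromKeyWithPasswd(testCert, testCertKey, testKeyPass)
	assert.NoError(t, err, "key with password should not fail")

	_, err = CredentialsFromKeyWithPasswd(testCert, testCertKey, "wrong-pass")
	assert.Error(t, err, "key with wrong password should fail")
}

// TestCredentialsFromKeyWithPasswdError walks through inputs that must be
// rejected: empty paths, a missing key file, an empty key file, a malformed
// key and an unencrypted key used with a passphrase.
//
// Fixture files are written with 0o600 so they are readable by the test
// process. With the previous mode of 0000, a non-root run failed on
// permission denied, so these assertions could pass without parsing any key.
func TestCredentialsFromKeyWithPasswdError(t *testing.T) {
	require.NoError(t, deleteTestDir())
	require.NoError(t, createTestDir())
	t.Cleanup(func() { assert.NoError(t, deleteTestDir()) })

	_, err := CredentialsFromKeyWithPasswd("", "", "")
	assert.Error(t, err)

	_, err = CredentialsFromKeyWithPasswd(testCert, "", "")
	assert.Error(t, err)

	_, err = CredentialsFromKeyWithPasswd(testCert, "not-exists.txt", "")
	assert.Error(t, err)

	// Empty key file.
	require.NoError(t, os.WriteFile(testKeyError, []byte(""), 0o600))
	_, err = CredentialsFromKeyWithPasswd(testCert, testKeyError, testKeyPass)
	require.Error(t, err)

	// Malformed key.
	require.NoError(t, os.WriteFile(testCertKeyError, []byte(certKeyError), 0o600))
	_, err = CredentialsFromKeyWithPasswd(testCert, testCertKeyError, testKeyPass)
	assert.Error(t, err)

	// Well-formed but unencrypted key, loaded with a passphrase.
	require.NoError(t, os.Remove(testCertKeyError))
	require.NoError(t, os.WriteFile(testCertKeyError, []byte(certKeyOk), 0o600))
	_, err = CredentialsFromKeyWithPasswd(testCert, testCertKeyError, testKeyPass)
	assert.Error(t, err, "key without password should fail")

	// NOTE(review): testCert is never generated in this test, so this call
	// presumably fails on the missing certificate and not on the key, which is
	// encrypted and given the right passphrase. The message is left as written;
	// confirm what this case is meant to cover.
	require.NoError(t, createEncryptedKeyFile())
	_, err = CredentialsFromKeyWithPasswd(testCert, testCertKey, testKeyPass)
	assert.Error(t, err, "key without password should fail")
}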