1 package x509
2
3 import (
4 "crypto/rand"
5 "crypto/rsa"
6 "crypto/x509"
7 "crypto/x509/pkix"
8 "encoding/pem"
9 "math/big"
10 "net"
11 "testing"
12 "time"
13
14 "github.com/stretchr/testify/assert"
15 )
16
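// TestGenPublicCert checks that GenPublicCert succeeds for the shared test
// fixtures and returns a non-nil result.
func TestGenPublicCert(t *testing.T) {
	// Both keys are generated fresh for each run; stop immediately if key
	// generation fails rather than handing a nil key to the code under test.
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		t.Fatalf("generating subject key: %v", err)
	}

	caKeySigner, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		t.Fatalf("generating CA signing key: %v", err)
	}

	certInfo := testCertInfo(t)
	caCert := getTestCA(t)

	x509CertBytes, err := GenPublicCert(certInfo, key, caCert, caKeySigner)

	// The error used to be discarded, so a failing call could only show up
	// indirectly through the nil check below.
	assert.NoError(t, err)
	assert.NotNil(t, x509CertBytes)

	// NOTE(review): only non-nil is asserted. The test does not check the
	// issued certificate's subject, usages or validity window, nor that its
	// signature verifies against caKeySigner's public key.
}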
30
// getTestCA builds the CA certificate template used by the tests in this file.
//
// The result is a plain in-memory struct: this helper does not sign, encode
// or parse it, and no key material is attached to it here.
func getTestCA(t *testing.T) *x509.Certificate {
	t.Helper()

	subject := pkix.Name{
		Organization:  []string{"Company, INC."},
		Country:       []string{"US"},
		Province:      []string{""},
		Locality:      []string{"San Francisco"},
		StreetAddress: []string{"Golden Gate Bridge"},
		PostalCode:    []string{"00000"},
	}

	tmpl := new(x509.Certificate)
	tmpl.SerialNumber = big.NewInt(2019)
	tmpl.Subject = subject
	// Validity window: from now until ten years from now.
	tmpl.NotBefore = time.Now()
	tmpl.NotAfter = time.Now().AddDate(10, 0, 0)
	// Mark the template as a CA that may sign certificates.
	tmpl.IsCA = true
	tmpl.BasicConstraintsValid = true
	tmpl.KeyUsage = x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign
	tmpl.ExtKeyUsage = []x509.ExtKeyUsage{
		x509.ExtKeyUsageClientAuth,
		x509.ExtKeyUsageServerAuth,
	}
	return tmpl
}
51
// testCertInfo returns the CertInfo fixture for a client-auth certificate
// request used by TestGenPublicCert.
func testCertInfo(t *testing.T) CertInfo {
	t.Helper()

	// NOTE(review): "system:masters" looks like the Kubernetes superuser
	// group. It is only fixture data here; confirm that nothing derived from
	// this fixture is ever signed by a CA that a real cluster trusts.
	orgs := []string{"system:masters"}
	usages := []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}

	info := CertInfo{
		Name:         "Test cert",
		CommonName:   "cert info",
		Organization: orgs,
		Usages:       usages,
	}
	return info
}
63
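// TestEncodex509CertAsPem round-trips an empty CERTIFICATE block through
// encoding/pem and checks that the block type survives.
//
// NOTE(review): no function from the package under test is called here, so
// this only exercises the standard library. Consider encoding a real
// certificate with the package's own PEM helper and parsing the result.
func TestEncodex509CertAsPem(t *testing.T) {
	block := pem.Block{
		Type:  "CERTIFICATE",
		Bytes: []byte{},
	}
	encodedBlock := pem.EncodeToMemory(&block)

	// pem.Decode returns a nil block when it finds no PEM data; stop here
	// instead of dereferencing nil below.
	recoveredBlock, _ := pem.Decode(encodedBlock)
	if recoveredBlock == nil {
		t.Fatal("pem.Decode found no PEM block in the encoded output")
	}

	// assert.Equal takes the expected value first, then the actual one.
	assert.Equal(t, "CERTIFICATE", recoveredBlock.Type)
}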
74
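// TestGenerateCertAndKey checks that GenerateCertAndKey succeeds for a
// certificate request carrying one DNS name and one loopback IP address.
func TestGenerateCertAndKey(t *testing.T) {
	// Named info rather than testCertInfo so the helper function of that
	// name is not shadowed inside this test.
	info := CertInfo{
		Name:       "test",
		CommonName: "test",
		DNSNames: []string{
			"name",
		},
		IPs: []net.IP{
			net.IPv4(127, 0, 0, 1),
		},
	}

	ca := getTestCA(t)

	// Fail fast if the CA key cannot be generated instead of passing a nil
	// signer to the code under test.
	caKeySigner, err := rsa.GenerateKey(rand.Reader, 4096)
	if err != nil {
		t.Fatalf("generating CA signing key: %v", err)
	}

	encodedKeyPair, err := GenerateCertAndKey(info, ca, caKeySigner)

	// Report the error first: it explains a nil result.
	assert.NoError(t, err)
	assert.NotNil(t, encodedKeyPair)

	// NOTE(review): the returned pair is not decoded, so the test does not
	// confirm that the DNS name and IP above end up in the certificate's
	// subject alternative names or that the certificate chains to ca.
}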
96
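// FuzzGenerateCertAndKey feeds fuzzer-chosen DNS names and IP strings to
// GenerateCertAndKey and expects every call to succeed.
func FuzzGenerateCertAndKey(f *testing.F) {
	// The CA template and its key are built once and reused for every input.
	ca, key := returnTestCaAndKey(f)

	// Seed with the values TestGenerateCertAndKey uses, so a plain `go test`
	// run executes the target at least once even without a stored corpus.
	f.Add("name", "127.0.0.1")

	f.Fuzz(func(t *testing.T, name string, hostIP string) {
		// NOTE(review): net.ParseIP returns nil for any string that is not a
		// valid textual IP address, so most generated inputs put a nil net.IP
		// into IPs. Together with an arbitrary DNS name, the assertions below
		// state that GenerateCertAndKey must accept malformed SAN input.
		// Confirm that is the intended contract; if the generator is meant to
		// reject such input, this target should expect an error for it.
		info := CertInfo{
			Name:       "test",
			CommonName: "test",
			DNSNames: []string{
				name,
			},
			IPs: []net.IP{
				net.ParseIP(hostIP),
			},
		}

		encodedKeyPair, err := GenerateCertAndKey(info, ca, key)

		// Report the error first: it explains a nil result.
		assert.NoError(t, err)
		assert.NotNil(t, encodedKeyPair)
	})
}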
117
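// returnTestCaAndKey builds a CA certificate template and a freshly generated
// 4096-bit RSA key for the fuzz target in this file.
//
// The template is a plain in-memory struct and is not signed here. The key is
// created per run from crypto/rand and is never written anywhere by this
// helper. Key generation failure aborts the fuzz target.
func returnTestCaAndKey(f *testing.F) (*x509.Certificate, *rsa.PrivateKey) {
	f.Helper()
	ca := &x509.Certificate{
		SerialNumber: big.NewInt(2019),
		Subject: pkix.Name{
			Organization:  []string{"Company, INC."},
			Country:       []string{"US"},
			Province:      []string{""},
			Locality:      []string{"San Francisco"},
			StreetAddress: []string{"Golden Gate Bridge"},
			PostalCode:    []string{"00000"},
		},
		// Validity window: from now until ten years from now.
		NotBefore:             time.Now(),
		NotAfter:              time.Now().AddDate(10, 0, 0),
		IsCA:                  true,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		BasicConstraintsValid: true,
	}

	// The error used to be discarded, which would have handed a nil key to
	// every fuzz iteration.
	caKeySigner, err := rsa.GenerateKey(rand.Reader, 4096)
	if err != nil {
		f.Fatalf("generating CA signing key: %v", err)
	}
	return ca, caKeySigner
}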
140