1 package tls
2
3 import (
4 "testing"
5 "time"
6 )
7
// getCa is a test fixture that builds a CA for the expiration tests.
//
// It generates a fresh key and creates a root CA named "fake-name" whose
// validity starts at validFrom and lasts issuerCertLifetime. It then returns
// a CA built from that root's credentials and configured with a validity
// that starts at validFrom and lasts endCertLifetime (presumably the validity
// requested for certificates the returned CA issues; confirm against NewCA).
//
// Any error from key generation or root CA creation is returned unchanged.
func getCa(validFrom time.Time, issuerCertLifetime time.Duration, endCertLifetime time.Duration) (*CA, error) {
	rootKey, err := GenerateKey()
	if err != nil {
		return nil, err
	}

	// Validity of the issuer (root) certificate itself.
	issuerValidity := Validity{ValidFrom: &validFrom, Lifetime: issuerCertLifetime}
	root, err := CreateRootCA("fake-name", rootKey, issuerValidity)
	if err != nil {
		return nil, err
	}

	// Same start time as the issuer, but with the end-certificate lifetime.
	endCertValidity := Validity{ValidFrom: &validFrom, Lifetime: endCertLifetime}
	return NewCA(root.Cred, endCertValidity), nil
}
21
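// TestCaIssuesCertsWithCorrectExpiration checks the NotAfter of end-entity
// certificates issued by a CA built with getCa.
//
// Two cases are covered:
//   - the issuer outlives the requested end-certificate lifetime, so the
//     end certificate expires after its own lifetime;
//   - the issuer expires first, so the end certificate's expiration is
//     expected to be capped at the issuer's expiration rather than
//     extending past it.
//
// In both cases the expected expiration includes DefaultClockSkewAllowance.
// The second case is the security-relevant one: a leaf that advertises a
// validity window longer than its issuer's would claim trust the chain
// cannot back once the issuer has expired.
func TestCaIssuesCertsWithCorrectExpiration(t *testing.T) {
	// Round to whole seconds so the expected values can be matched against the
	// NotAfter read back from the issued certificate (presumably because
	// certificate timestamps carry second precision; confirm against the
	// encoder). Round also strips the monotonic clock reading.
	validFrom := time.Now().UTC().Round(time.Second)

	testCases := []struct {
		desc                   string
		validFrom              time.Time
		issuerLifeTime         time.Duration
		endCertLifetime        time.Duration
		expectedCertExpiration time.Time
	}{
		{
			desc:                   "issuer cert expires after end cert",
			validFrom:              validFrom,
			issuerLifeTime:         time.Hour * 48,
			endCertLifetime:        time.Hour * 24,
			expectedCertExpiration: validFrom.Add(time.Hour * 24).Add(DefaultClockSkewAllowance),
		},
		{
			// The requested 24h lifetime exceeds the issuer's 10h, so the
			// expectation follows the issuer's lifetime instead.
			desc:                   "issuer cert expires before end cert",
			validFrom:              validFrom,
			issuerLifeTime:         time.Hour * 10,
			endCertLifetime:        time.Hour * 24,
			expectedCertExpiration: validFrom.Add(time.Hour * 10).Add(DefaultClockSkewAllowance),
		},
	}

	for _, tc := range testCases {
		tc := tc // per-iteration copy for the closure (needed before Go 1.22)
		t.Run(tc.desc, func(t *testing.T) {
			ca, err := getCa(tc.validFrom, tc.issuerLifeTime, tc.endCertLifetime)
			if err != nil {
				t.Fatalf("Unexpected error: %s", err)
			}

			crt, err := ca.GenerateEndEntityCred("fake-name")
			if err != nil {
				t.Fatalf("Unexpected error: %s", err)
			}

			// Compare instants with Equal: != on time.Time also compares the
			// location pointer and monotonic reading, which can differ for
			// two values that denote the same moment.
			if !crt.Certificate.NotAfter.Equal(tc.expectedCertExpiration) {
				t.Fatalf("Expected cert expiration %v but got %v", tc.expectedCertExpiration, crt.Certificate.NotAfter)
			}
		})
	}
}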
68