...

Source file src/k8s.io/client-go/util/keyutil/key_test.go

Documentation: k8s.io/client-go/util/keyutil

     1  /*
     2  Copyright 2018 The Kubernetes Authors.
     3  
     4  Licensed under the Apache License, Version 2.0 (the "License");
     5  you may not use this file except in compliance with the License.
     6  You may obtain a copy of the License at
     7  
     8      http://www.apache.org/licenses/LICENSE-2.0
     9  
    10  Unless required by applicable law or agreed to in writing, software
    11  distributed under the License is distributed on an "AS IS" BASIS,
    12  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  See the License for the specific language governing permissions and
    14  limitations under the License.
    15  */
    16  
    17  package keyutil
    18  
    19  import (
    20  	"os"
    21  	"testing"
    22  )
    23  
// The constants below are throwaway fixtures for this package's tests. The
// private keys are published in this file, so they must never be used to
// protect anything outside the tests.

// rsaPrivateKey holds a 2048-bit RSA private key, PEM encoded in PKCS#1 form.
// Generated with:
//
//	openssl genrsa -out rsa2048.pem 2048
const rsaPrivateKey = `-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA92mVjhBKOFsdxFzb/Pjq+7b5TJlODAdY5hK+WxLZTIrfhDPq
FWrGKdjSNiHbXrdEtwJh9V+RqPZVSN3aWy1224RgkyNdMJsXhJKuCC24ZKY8SXtW
xuTYmMRaMnCsv6QBGRTIbZ2EFbAObVM7lDyv1VqY3amZIWFQMlZ9CNpxDSPa5yi4
3gopbXkne0oGNmey9X0qtpk7NMZIgAL6Zz4rZ30bcfC2ag6RLOFI2E/c4n8c38R8
9MfXfLkj8/Cxo4JfI9NvRCpPOpFO8d/ZtWVUuIrBQN+Y7tkN2T60Qq/TkKXUrhDe
fwlTlktZVJ/GztLYU41b2GcWsh/XO+PH831rmwIDAQABAoIBAQCC9c6GDjVbM0/E
WurPMusfJjE7zII1d8YkspM0HfwLug6qKdikUYpnKC/NG4rEzfl/bbFwco/lgc6O
7W/hh2U8uQttlvCDA/Uk5YddKOZL0Hpk4vaB/SxxYK3luSKXpjY2knutGg2KdVCN
qdsFkkH4iyYTXuyBcMNEgedZQldI/kEujIH/L7FE+DF5TMzT4lHhozDoG+fy564q
qVGUZXJn0ubc3GaPn2QOLNNM44sfYA4UJCpKBXPu85bvNObjxVQO4WqwwxU1vRnL
UUsaGaelhSVJCo0dVPRvrfPPKZ09HTwpy40EkgQo6VriFc1EBoQDjENLbAJv9OfQ
aCc9wiZhAoGBAP/8oEy48Zbb0P8Vdy4djf5tfBW8yXFLWzXewJ4l3itKS1r42nbX
9q3cJsgRTQm8uRcMIpWxsc3n6zG+lREvTkoTB3ViI7+uQPiqA+BtWyNy7jzufFke
ONKZfg7QxxmYRWZBRnoNGNbMpNeERuLmhvQuom9D1WbhzAYJbfs/O4WTAoGBAPds
2FNDU0gaesFDdkIUGq1nIJqRQDW485LXZm4pFqBFxdOpbdWRuYT2XZjd3fD0XY98
Nhkpb7NTMCuK3BdKcqIptt+cK+quQgYid0hhhgZbpCQ5AL6c6KgyjgpYlh2enzU9
Zo3yg8ej1zbbA11sBlhX+5iO2P1u5DG+JHLwUUbZAoGAUwaU102EzfEtsA4+QW7E
hyjrfgFlNKHES4yb3K9bh57pIfBkqvcQwwMMcQdrfSUAw0DkVrjzel0mI1Q09QXq
1ould6UFAz55RC2gZEITtUOpkYmoOx9aPrQZ9qQwb1S77ZZuTVfCHqjxLhVxCFbM
npYhiQTvShciHTMhwMOZgpECgYAVV5EtVXBYltgh1YTc3EkUzgF087R7LdHsx6Gx
POATwRD4WfP8aQ58lpeqOPEM+LcdSlSMRRO6fyF3kAm+BJDwxfJdRWZQXumZB94M
I0VhRQRaj4Qt7PDwmTPBVrTUJzuKZxpyggm17b8Bn1Ch/VBqzGQKW8AB1E/grosM
UwhfuQKBgQC2JO/iqTQScHClf0qlItCJsBuVukFmSAVCkpOD8YdbdlPdOOwSk1wQ
C0eAlsC3BCMvkpidKQmra6IqIrvTGI6EFgkrb3aknWdup2w8j2udYCNqyE3W+fVe
p8FdYQ1FkACQ+daO5VlClL/9l0sGjKXlNKbpmJ2H4ngZmXj5uGmxuQ==
-----END RSA PRIVATE KEY-----`

// rsaPublicKey holds the PEM encoded public half of rsa2048.pem.
// Generated with:
//
//	openssl rsa -in rsa2048.pem -pubout -out rsa2048pub.pem
const rsaPublicKey = `-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA92mVjhBKOFsdxFzb/Pjq
+7b5TJlODAdY5hK+WxLZTIrfhDPqFWrGKdjSNiHbXrdEtwJh9V+RqPZVSN3aWy12
24RgkyNdMJsXhJKuCC24ZKY8SXtWxuTYmMRaMnCsv6QBGRTIbZ2EFbAObVM7lDyv
1VqY3amZIWFQMlZ9CNpxDSPa5yi43gopbXkne0oGNmey9X0qtpk7NMZIgAL6Zz4r
Z30bcfC2ag6RLOFI2E/c4n8c38R89MfXfLkj8/Cxo4JfI9NvRCpPOpFO8d/ZtWVU
uIrBQN+Y7tkN2T60Qq/TkKXUrhDefwlTlktZVJ/GztLYU41b2GcWsh/XO+PH831r
mwIDAQAB
-----END PUBLIC KEY-----`

// certificate holds a PEM encoded, self-signed x509 certificate created from
// rsa2048.pem with subject "/C=US/CN=not-valid".
// Generated with:
//
//	openssl req -new -key rsa2048.pem -sha256 -nodes -x509 -days 1826 -out x509certificate.pem -subj "/C=US/CN=not-valid"
const certificate = `-----BEGIN CERTIFICATE-----
MIIDFTCCAf2gAwIBAgIJAN8B8NOwtiUCMA0GCSqGSIb3DQEBCwUAMCExCzAJBgNV
BAYTAlVTMRIwEAYDVQQDDAlub3QtdmFsaWQwHhcNMTcwMzIyMDI1NjM2WhcNMjIw
MzIyMDI1NjM2WjAhMQswCQYDVQQGEwJVUzESMBAGA1UEAwwJbm90LXZhbGlkMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA92mVjhBKOFsdxFzb/Pjq+7b5
TJlODAdY5hK+WxLZTIrfhDPqFWrGKdjSNiHbXrdEtwJh9V+RqPZVSN3aWy1224Rg
kyNdMJsXhJKuCC24ZKY8SXtWxuTYmMRaMnCsv6QBGRTIbZ2EFbAObVM7lDyv1VqY
3amZIWFQMlZ9CNpxDSPa5yi43gopbXkne0oGNmey9X0qtpk7NMZIgAL6Zz4rZ30b
cfC2ag6RLOFI2E/c4n8c38R89MfXfLkj8/Cxo4JfI9NvRCpPOpFO8d/ZtWVUuIrB
QN+Y7tkN2T60Qq/TkKXUrhDefwlTlktZVJ/GztLYU41b2GcWsh/XO+PH831rmwID
AQABo1AwTjAdBgNVHQ4EFgQU1I5GfinLF7ta+dBJ6UWcrYaexLswHwYDVR0jBBgw
FoAU1I5GfinLF7ta+dBJ6UWcrYaexLswDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B
AQsFAAOCAQEAUl0wUD4y41juHFOVMYiziPYr1ShSpQXdwp8FfaHrzI5hsr8UMe8D
dzb9QzZ4bx3yZhiG3ahrSBh956thMTHrKTEwAfJIEXI4cuSVWQAaOJ4Em5SDFxQe
d0E6Ui2nGh1SFGF7oyuEXyzqgRMWFNDFw9HLUNgXaO18Zfouw8+K0BgbfEWEcSi1
JLQbyhCjz088gltrliQGPWDFAg9cHBKtJhuTzZkvuqK1CLEmBhtzP1zFiGBfOJc8
v+aKjAwrPUNX11cXOCPxBv2qXMetxaovBem6AI2hvypCInXaVQfP+yOLubzlTDjS
Y708SlY38hmS1uTwDpyLOn8AKkZ8jtx75g==
-----END CERTIFICATE-----`

// ecdsaPrivateKeyWithParams holds a prime256v1 ECDSA private key preceded by
// an EC PARAMETERS block, as openssl emits it without -noout.
// Generated with:
//
//	openssl ecparam -name prime256v1 -genkey -out ecdsa256params.pem
const ecdsaPrivateKeyWithParams = `-----BEGIN EC PARAMETERS-----
BggqhkjOPQMBBw==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIAwSOWQqlMTZNqNF7tgua812Jxib1DVOgb2pHHyIEyNNoAoGCCqGSM49
AwEHoUQDQgAEyxYNrs6a6tsNCFNYn+l+JDUZ0PnUZbcsDgJn2O62D1se8M5iQ5rY
iIv6RpxE3VHvlHEIvYgCZkG0jHszTUopBg==
-----END EC PRIVATE KEY-----`

// ecdsaPrivateKey holds a prime256v1 ECDSA private key in ASN.1 form, with no
// EC PARAMETERS block in front of it.
// Generated with:
//
//	openssl ecparam -name prime256v1 -genkey -noout -out ecdsa256.pem
const ecdsaPrivateKey = `-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIP6Qw6dHDiLsSnLXUhQVTPE0fTQQrj3XSbiQAZPXnk5+oAoGCCqGSM49
AwEHoUQDQgAEZZzi1u5f2/AEGFI/HYUhU+u6cTK1q2bbtE7r1JMK+/sQA5sNAp+7
Vdc3psr1OaNzyTyuhTECyRdFKXm63cMnGg==
-----END EC PRIVATE KEY-----`

// ecdsaPublicKey holds the PEM encoded public half of ecdsa256.pem.
// Generated with:
//
//	openssl ec -in ecdsa256.pem -pubout -out ecdsa256pub.pem
const ecdsaPublicKey = `-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZZzi1u5f2/AEGFI/HYUhU+u6cTK1
q2bbtE7r1JMK+/sQA5sNAp+7Vdc3psr1OaNzyTyuhTECyRdFKXm63cMnGg==
-----END PUBLIC KEY-----`
   115  
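// TestReadPrivateKey checks that PrivateKeyFromFile returns an error for an
// empty file and loads each private key fixture: the PKCS#1 RSA key, the EC
// key, and the EC key preceded by an EC PARAMETERS block.
func TestReadPrivateKey(t *testing.T) {
	f, err := os.CreateTemp("", "")
	if err != nil {
		t.Fatalf("error creating tmpfile: %v", err)
	}
	defer os.Remove(f.Name())
	// Only the path is used from here on. Close the handle right away so the
	// descriptor is not leaked and the deferred removal also succeeds on
	// platforms that refuse to delete a file that is still open.
	if err := f.Close(); err != nil {
		t.Fatalf("error closing tmpfile: %v", err)
	}

	if _, err := PrivateKeyFromFile(f.Name()); err == nil {
		t.Fatalf("Expected error reading key from empty file, got none")
	}

	cases := []struct {
		desc string // used in the failure message
		pem  string // fixture written to the temp file
	}{
		{desc: "private RSA key", pem: rsaPrivateKey},
		{desc: "private ECDSA key", pem: ecdsaPrivateKey},
		{desc: "private ECDSA key with params", pem: ecdsaPrivateKeyWithParams},
	}
	for _, tc := range cases {
		// The file already exists, so WriteFile truncates it and keeps the
		// owner-only mode it was created with; 0600 is passed for clarity.
		if err := os.WriteFile(f.Name(), []byte(tc.pem), os.FileMode(0600)); err != nil {
			t.Fatalf("error writing private key to tmpfile: %v", err)
		}
		key, err := PrivateKeyFromFile(f.Name())
		if err != nil {
			t.Fatalf("error reading %s: %v", tc.desc, err)
		}
		// A nil key with a nil error would let a caller proceed without
		// usable key material.
		if key == nil {
			t.Fatalf("reading %s returned a nil key without an error", tc.desc)
		}
	}
}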
   148  
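// TestReadPublicKeys checks that PublicKeysFromFile returns an error for an
// empty file and returns the expected number of keys for a single RSA public
// key, a single ECDSA public key, a file holding both, and a certificate.
func TestReadPublicKeys(t *testing.T) {
	f, err := os.CreateTemp("", "")
	if err != nil {
		t.Fatalf("error creating tmpfile: %v", err)
	}
	defer os.Remove(f.Name())
	// Only the path is used from here on. Close the handle right away so the
	// descriptor is not leaked and the deferred removal also succeeds on
	// platforms that refuse to delete a file that is still open.
	if err := f.Close(); err != nil {
		t.Fatalf("error closing tmpfile: %v", err)
	}

	if _, err := PublicKeysFromFile(f.Name()); err == nil {
		t.Fatalf("Expected error reading keys from empty file, got none")
	}

	cases := []struct {
		desc    string // what is being read, used in failure messages
		kind    string // what is being written, used in failure messages
		content string // PEM data written to the temp file
		want    int    // number of public keys expected back
	}{
		{desc: "RSA public key", kind: "public key", content: rsaPublicKey, want: 1},
		{desc: "ECDSA public key", kind: "public key", content: ecdsaPublicKey, want: 1},
		{desc: "combined RSA/ECDSA public key file", kind: "public key", content: rsaPublicKey + "\n" + ecdsaPublicKey, want: 2},
		{desc: "public key from certificate file", kind: "certificate", content: certificate, want: 1},
	}
	for _, tc := range cases {
		if err := os.WriteFile(f.Name(), []byte(tc.content), os.FileMode(0600)); err != nil {
			t.Fatalf("error writing %s to tmpfile: %v", tc.kind, err)
		}
		keys, err := PublicKeysFromFile(f.Name())
		if err != nil {
			t.Fatalf("error reading %s: %v", tc.desc, err)
		}
		if len(keys) != tc.want {
			t.Fatalf("reading %s: expected %d key(s), got %d", tc.desc, tc.want, len(keys))
		}
	}
}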
   197  
