forked from TrueCloudLab/certificates
212 lines
7.1 KiB
Go
212 lines
7.1 KiB
Go
package x509util
|
|
|
|
import (
|
|
"crypto/rsa"
|
|
"crypto/x509"
|
|
"crypto/x509/pkix"
|
|
"net"
|
|
"net/url"
|
|
"reflect"
|
|
"testing"
|
|
)
|
|
|
|
func Test_newCertificateRequest(t *testing.T) {
|
|
|
|
type args struct {
|
|
cr *x509.CertificateRequest
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
args args
|
|
want *CertificateRequest
|
|
}{
|
|
{"ok", args{&x509.CertificateRequest{}}, &CertificateRequest{}},
|
|
{"complex", args{&x509.CertificateRequest{
|
|
Extensions: []pkix.Extension{{Id: []int{1, 2, 3}, Critical: true, Value: []byte{3, 2, 1}}},
|
|
Subject: pkix.Name{Province: []string{"CA"}, CommonName: "commonName"},
|
|
DNSNames: []string{"foo"},
|
|
PublicKey: []byte("publicKey"),
|
|
}}, &CertificateRequest{
|
|
Extensions: []Extension{{ID: []int{1, 2, 3}, Critical: true, Value: []byte{3, 2, 1}}},
|
|
Subject: Subject{Province: []string{"CA"}, CommonName: "commonName"},
|
|
DNSNames: []string{"foo"},
|
|
PublicKey: []byte("publicKey"),
|
|
}},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
if got := newCertificateRequest(tt.args.cr); !reflect.DeepEqual(got, tt.want) {
|
|
t.Errorf("newCertificateRequest() = %v, want %v", got, tt.want)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestCertificateRequest_GetCertificate(t *testing.T) {
|
|
type fields struct {
|
|
Version int
|
|
Subject Subject
|
|
DNSNames MultiString
|
|
EmailAddresses MultiString
|
|
IPAddresses MultiIP
|
|
URIs MultiURL
|
|
Extensions []Extension
|
|
PublicKey interface{}
|
|
PublicKeyAlgorithm x509.PublicKeyAlgorithm
|
|
Signature []byte
|
|
SignatureAlgorithm x509.SignatureAlgorithm
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
fields fields
|
|
want *Certificate
|
|
}{
|
|
{"ok",
|
|
fields{
|
|
Version: 2,
|
|
Subject: Subject{CommonName: "foo"},
|
|
DNSNames: []string{"foo"},
|
|
EmailAddresses: []string{"foo@bar.com"},
|
|
IPAddresses: []net.IP{net.ParseIP("::1")},
|
|
URIs: []*url.URL{{Scheme: "https", Host: "foo.bar"}},
|
|
Extensions: []Extension{{ID: []int{1, 2, 3}, Critical: true, Value: []byte{3, 2, 1}}},
|
|
PublicKey: []byte("publicKey"),
|
|
PublicKeyAlgorithm: x509.Ed25519,
|
|
Signature: []byte("signature"),
|
|
SignatureAlgorithm: x509.PureEd25519,
|
|
},
|
|
&Certificate{
|
|
Subject: Subject{CommonName: "foo"},
|
|
DNSNames: []string{"foo"},
|
|
EmailAddresses: []string{"foo@bar.com"},
|
|
IPAddresses: []net.IP{net.ParseIP("::1")},
|
|
URIs: []*url.URL{{Scheme: "https", Host: "foo.bar"}},
|
|
Extensions: []Extension{{ID: []int{1, 2, 3}, Critical: true, Value: []byte{3, 2, 1}}},
|
|
PublicKey: []byte("publicKey"),
|
|
PublicKeyAlgorithm: x509.Ed25519,
|
|
},
|
|
},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
c := &CertificateRequest{
|
|
Version: tt.fields.Version,
|
|
Subject: tt.fields.Subject,
|
|
DNSNames: tt.fields.DNSNames,
|
|
EmailAddresses: tt.fields.EmailAddresses,
|
|
IPAddresses: tt.fields.IPAddresses,
|
|
URIs: tt.fields.URIs,
|
|
Extensions: tt.fields.Extensions,
|
|
PublicKey: tt.fields.PublicKey,
|
|
PublicKeyAlgorithm: tt.fields.PublicKeyAlgorithm,
|
|
Signature: tt.fields.Signature,
|
|
SignatureAlgorithm: tt.fields.SignatureAlgorithm,
|
|
}
|
|
if got := c.GetCertificate(); !reflect.DeepEqual(got, tt.want) {
|
|
t.Errorf("CertificateRequest.GetCertificate() = %v, want %v", got, tt.want)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestCertificateRequest_GetLeafCertificate(t *testing.T) {
|
|
type fields struct {
|
|
Version int
|
|
Subject Subject
|
|
DNSNames MultiString
|
|
EmailAddresses MultiString
|
|
IPAddresses MultiIP
|
|
URIs MultiURL
|
|
Extensions []Extension
|
|
PublicKey interface{}
|
|
PublicKeyAlgorithm x509.PublicKeyAlgorithm
|
|
Signature []byte
|
|
SignatureAlgorithm x509.SignatureAlgorithm
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
fields fields
|
|
want *Certificate
|
|
}{
|
|
{"ok",
|
|
fields{
|
|
Version: 2,
|
|
Subject: Subject{CommonName: "foo"},
|
|
DNSNames: []string{"foo"},
|
|
EmailAddresses: []string{"foo@bar.com"},
|
|
IPAddresses: []net.IP{net.ParseIP("::1")},
|
|
URIs: []*url.URL{{Scheme: "https", Host: "foo.bar"}},
|
|
Extensions: []Extension{{ID: []int{1, 2, 3}, Critical: true, Value: []byte{3, 2, 1}}},
|
|
PublicKey: []byte("publicKey"),
|
|
PublicKeyAlgorithm: x509.Ed25519,
|
|
Signature: []byte("signature"),
|
|
SignatureAlgorithm: x509.PureEd25519,
|
|
},
|
|
&Certificate{
|
|
Subject: Subject{CommonName: "foo"},
|
|
DNSNames: []string{"foo"},
|
|
EmailAddresses: []string{"foo@bar.com"},
|
|
IPAddresses: []net.IP{net.ParseIP("::1")},
|
|
URIs: []*url.URL{{Scheme: "https", Host: "foo.bar"}},
|
|
Extensions: []Extension{{ID: []int{1, 2, 3}, Critical: true, Value: []byte{3, 2, 1}}},
|
|
KeyUsage: KeyUsage(x509.KeyUsageDigitalSignature),
|
|
ExtKeyUsage: ExtKeyUsage([]x509.ExtKeyUsage{
|
|
x509.ExtKeyUsageServerAuth,
|
|
x509.ExtKeyUsageClientAuth,
|
|
}),
|
|
PublicKey: []byte("publicKey"),
|
|
PublicKeyAlgorithm: x509.Ed25519,
|
|
},
|
|
},
|
|
{"rsa",
|
|
fields{
|
|
Version: 2,
|
|
Subject: Subject{CommonName: "foo"},
|
|
DNSNames: []string{"foo"},
|
|
EmailAddresses: []string{"foo@bar.com"},
|
|
IPAddresses: []net.IP{net.ParseIP("::1")},
|
|
URIs: []*url.URL{{Scheme: "https", Host: "foo.bar"}},
|
|
Extensions: []Extension{{ID: []int{1, 2, 3}, Critical: true, Value: []byte{3, 2, 1}}},
|
|
PublicKey: &rsa.PublicKey{},
|
|
PublicKeyAlgorithm: x509.RSA,
|
|
Signature: []byte("signature"),
|
|
SignatureAlgorithm: x509.SHA256WithRSA,
|
|
},
|
|
&Certificate{
|
|
Subject: Subject{CommonName: "foo"},
|
|
DNSNames: []string{"foo"},
|
|
EmailAddresses: []string{"foo@bar.com"},
|
|
IPAddresses: []net.IP{net.ParseIP("::1")},
|
|
URIs: []*url.URL{{Scheme: "https", Host: "foo.bar"}},
|
|
Extensions: []Extension{{ID: []int{1, 2, 3}, Critical: true, Value: []byte{3, 2, 1}}},
|
|
KeyUsage: KeyUsage(x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment),
|
|
ExtKeyUsage: ExtKeyUsage([]x509.ExtKeyUsage{
|
|
x509.ExtKeyUsageServerAuth,
|
|
x509.ExtKeyUsageClientAuth,
|
|
}),
|
|
PublicKey: &rsa.PublicKey{},
|
|
PublicKeyAlgorithm: x509.RSA,
|
|
},
|
|
},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
c := &CertificateRequest{
|
|
Version: tt.fields.Version,
|
|
Subject: tt.fields.Subject,
|
|
DNSNames: tt.fields.DNSNames,
|
|
EmailAddresses: tt.fields.EmailAddresses,
|
|
IPAddresses: tt.fields.IPAddresses,
|
|
URIs: tt.fields.URIs,
|
|
Extensions: tt.fields.Extensions,
|
|
PublicKey: tt.fields.PublicKey,
|
|
PublicKeyAlgorithm: tt.fields.PublicKeyAlgorithm,
|
|
Signature: tt.fields.Signature,
|
|
SignatureAlgorithm: tt.fields.SignatureAlgorithm,
|
|
}
|
|
if got := c.GetLeafCertificate(); !reflect.DeepEqual(got, tt.want) {
|
|
t.Errorf("CertificateRequest.GetLeafCertificate() = %v, want %v", got, tt.want)
|
|
}
|
|
})
|
|
}
|
|
}
|