github.com/Venafi/vcert/v5@v5.10.2/examples/simple-cli/main_test.go (about) 1 /* 2 * Copyright 2018 Venafi, Inc. 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package main 18 19 import ( 20 "crypto/tls" 21 "crypto/x509" 22 "crypto/x509/pkix" 23 "encoding/pem" 24 "net/http" 25 "testing" 26 "time" 27 28 "github.com/Venafi/vcert/v5" 29 "github.com/Venafi/vcert/v5/pkg/certificate" 30 "github.com/Venafi/vcert/v5/test" 31 ) 32 33 var effectiveConfig *vcert.Config 34 35 func init() { 36 effectiveConfig = tppConfig 37 http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true} 38 } 39 40 func TestRequestCertificate(t *testing.T) { 41 // 42 // 0. Get client instance based on connection config 43 // 44 c, err := vcert.NewClient(effectiveConfig) 45 if err != nil { 46 t.Fatalf("could not connect to endpoint: %s", err) 47 } 48 49 // 50 // 1. Compose request object 51 // 52 req := &certificate.Request{ 53 Subject: pkix.Name{ 54 CommonName: "client.venafi.example.com", 55 Organization: []string{"Venafi.com"}, 56 OrganizationalUnit: []string{"Integration Team"}, 57 Locality: []string{"Salt Lake"}, 58 Province: []string{"Salt Lake"}, 59 Country: []string{"US"}, 60 }, 61 DNSNames: []string{"www.client.venafi.example.com", "ww1.client.venafi.example.com"}, 62 //EmailAddresses: []string{"e1@venafi.example.com", "e2@venafi.example.com"}, 63 //IPAddresses: []net.IP{net.IPv4(127, 0, 0, 1), net.IPv4(127, 0, 0, 2)}, 64 CsrOrigin: certificate.LocalGeneratedCSR, 65 KeyType: certificate.KeyTypeRSA, 66 KeyLength: 2048, 67 ChainOption: certificate.ChainOptionRootLast, 68 KeyPassword: dummy_pass, 69 } 70 71 // 72 // 2. Generate private key and certificate request (CSR) based on request's options 73 // 74 err = c.GenerateRequest(nil, req) 75 if err != nil { 76 t.Fatalf("could not generate certificate request: %s", err) 77 } 78 79 // 80 // 3. Submit certificate request, get request ID as a response 81 // 82 requestID, err := c.RequestCertificate(req) 83 if err != nil { 84 t.Fatalf("could not submit certificate request: %s", err) 85 } 86 87 // 88 // 4. Retrieve certificate using request ID obtained on previous step, get PEM collection as a response 89 // 90 req.PickupID = requestID 91 req.Timeout = 180 * time.Second 92 pcc, err := c.RetrieveCertificate(req) 93 if err != nil { 94 t.Fatalf("could not retrieve certificate using requestId %s: %s", requestID, err) 95 } 96 97 // 98 // 5. (optional) Add certificate's private key to PEM collection 99 // 100 pcc.AddPrivateKey(req.PrivateKey, []byte(req.KeyPassword)) 101 102 // 103 // 6. Done! 104 // 105 pp(requestID) 106 pp(pcc) 107 } 108 109 func TestRevokeCertificate(t *testing.T) { 110 // 111 // 0. Get client instance based on connection config 112 // 113 c, err := vcert.NewClient(effectiveConfig) 114 if err != nil { 115 t.Fatalf("could not connect to endpoint: %s", err) 116 } 117 118 // 119 // 1. Compose revocation object 120 // 121 req := &certificate.RevocationRequest{ 122 CertificateDN: `\VED\Policy\` + effectiveConfig.Zone + `\client.venafi.example.com`, 123 Reason: "key-compromise", 124 Comments: "revocation comment below", 125 Disable: false, 126 } 127 128 // 129 // 2. Submit revocation request 130 // 131 err = c.RevokeCertificate(req) 132 if err != nil { 133 t.Fatalf("could not submit certificate revocation request: %s", err) 134 } 135 136 // 137 // 3. Done! 138 // 139 } 140 141 func TestRenewCertificate(t *testing.T) { 142 // 143 // 0. Get client instance based on connection config 144 // 145 c, err := vcert.NewClient(effectiveConfig) 146 if err != nil { 147 t.Fatalf("could not connect to endpoint: %s", err) 148 } 149 150 // 151 // 1. Compose renewal object 152 // 153 renewReq := &certificate.RenewalRequest{ 154 // certificate is identified using DN 155 CertificateDN: `\VED\Policy\` + effectiveConfig.Zone + `\client.venafi.example.com`, 156 // ..or SHA1 Thumbprint 157 // Thumbprint: "", 158 //CertificateRequest: certificate.Request{} 159 } 160 161 // 162 // 2. Submit renewal request 163 // 164 requestID, err := c.RenewCertificate(renewReq) 165 if err != nil { 166 t.Fatalf("could not submit certificate renewal request: %s", err) 167 } 168 169 // 170 // 3. Retrieve certificate using request ID obtained on previous step, get PEM collection as a response 171 // 172 req := &certificate.Request{ 173 PickupID: requestID, 174 Timeout: 180 * time.Second, 175 } 176 pcc, err := c.RetrieveCertificate(req) 177 if err != nil { 178 t.Fatalf("could not retrieve certificate using requestId %s: %s", requestID, err) 179 } 180 181 // 182 // 4. Done! 183 // 184 pp(requestID) 185 pp(pcc) 186 187 // decode renewed certificate 188 block, _ := pem.Decode([]byte(pcc.Certificate)) 189 if block == nil || block.Type != "CERTIFICATE" { 190 t.Fatalf("could not get PEM certificate block") 191 } 192 cert, err := x509.ParseCertificate([]byte(block.Bytes)) 193 if err != nil { 194 t.Fatalf("could not parse x509 certificate: %s", err) 195 } 196 197 // renew certificate by serial number 198 pp(cert.SerialNumber) 199 200 } 201 202 func TestImportCertificate(t *testing.T) { 203 // 204 // 0. Get client instance based on connection config 205 // 206 c, err := vcert.NewClient(effectiveConfig) 207 if err != nil { 208 t.Fatalf("could not connect to endpoint: %s", err) 209 } 210 211 // 212 // 1. Compose, generate, submit request and retrieve certificate 213 // 214 req := &certificate.Request{ 215 Subject: pkix.Name{ 216 CommonName: "client.venafi.example.com", 217 Organization: []string{"Venafi.com"}, 218 OrganizationalUnit: []string{"Integration Team"}, 219 Locality: []string{"Salt Lake"}, 220 Province: []string{"Salt Lake"}, 221 Country: []string{"US"}, 222 }, 223 DNSNames: []string{"www.client.venafi.example.com", "ww1.client.venafi.example.com"}, 224 CsrOrigin: certificate.LocalGeneratedCSR, 225 KeyType: certificate.KeyTypeRSA, 226 KeyLength: 2048, 227 ChainOption: certificate.ChainOptionRootLast, 228 KeyPassword: dummy_pass, 229 } 230 231 err = c.GenerateRequest(nil, req) 232 if err != nil { 233 t.Fatalf("could not generate certificate request: %s", err) 234 } 235 236 requestID, err := c.RequestCertificate(req) 237 if err != nil { 238 t.Fatalf("could not submit certificate request: %s", err) 239 } 240 241 req.PickupID = requestID 242 req.Timeout = 180 * time.Second 243 pcc, err := c.RetrieveCertificate(req) 244 if err != nil { 245 t.Fatalf("could not retrieve certificate using requestId %s: %s", requestID, err) 246 } 247 248 pcc.AddPrivateKey(req.PrivateKey, []byte(req.KeyPassword)) 249 250 pp(requestID) 251 pp(pcc) 252 253 // 254 // 2. Import certificate to another object of the same Zone 255 // 256 importCertDN := test.RandCN() 257 importReq := &certificate.ImportRequest{ 258 // if PolicyDN is empty, it is taken from cfg.Zone 259 ObjectName: importCertDN, 260 CertificateData: pcc.Certificate, 261 PrivateKeyData: pcc.PrivateKey, 262 Password: dummy_pass, 263 Reconcile: false, 264 } 265 importResp, err := c.ImportCertificate(importReq) 266 if err != nil { 267 t.Fatalf("could not import certificate: %s", err) 268 } 269 pp(importReq) 270 pp(importResp) 271 272 // 273 // 3. Retrieve certificate & key from new object 274 // 275 req = &certificate.Request{ 276 PickupID: importResp.CertificateDN, 277 Timeout: 180 * time.Second, 278 KeyPassword: dummy_pass, 279 FetchPrivateKey: true, 280 } 281 pcc2, err := c.RetrieveCertificate(req) 282 if err != nil { 283 t.Fatalf("could not retrieve certificate using requestId %s: %s", requestID, err) 284 } 285 pp(pcc2) 286 }