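/*
 * Copyright 2018 Venafi, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *  http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package certificate

import (
	"crypto/x509"
	"encoding/pem"
	"os"
	"strings"
	"testing"

	"github.com/Venafi/vcert/v5/pkg/util"
)

// pkPEM is an RSA private key fixture protected with legacy RFC 1423 PEM
// encryption (AES-256-CBC, per its DEK-Info header). The passphrase is
// hard-coded in TestAddChainElementToPEMCollection, so this key is effectively
// public: it must never be used for anything but these tests.
var pkPEM = `-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,e6fd60eaab2166aa498479b0eb947d21
pkormg5NbGtPPnLg58JAS10jUaRPJVPZKD6OkCabW9C3FVKhg7y2jaJ3VnNPEDXI
TwnZwl3oX0MXuCrN15ryoZBKQsxewnprOQ5c9FcoSPCSafFZ8RWfZoirCdap2uRB
Au5oLg7waK9ESe50xTdiAkRVm+4F3+k6TOygJ19i1Gr8mp+xD8J3CntLSjF7JgTC
JBBOrD5FjYHDzgG7wRtc3QpRlqAehN2RSZSYLkO5D/qoq1i1EW5CbBh8v748MXFv
Hol8tpygZS+ZCVJGbxsNRyjhpFArG1yZEcYtU4XDqcWvxVlJc8scCZHw3elhHekz
bH7kuTEm59oeeKjKyfsBt8SmPvxgvw1phT06y1D5xVslTZl7GuRARBDI/B5a5bBJ
XjTd39VCq6NuX2NrOVTo6h2zJL4sXEs6Yz1vhb9PfA8ROswAGDceUWMUc0yhsxVh
ihdDazqQiMnj6+MV/mRlEDPfur2Gs9ia0RMogrnJF+lHk3a8zw75Pa9F9G7ZQivo
SRIUd7QcBS28Vpe2pPrsigdzRiBz+g48gSN/2qozZ3lg4DK6m3uWWQK6qrkSd2nm
z/LX3BZKp4oCLY2ka/3bX9nKt9n9U4Sg1yCMVQpiugPFN9zAJew6Go40AbGIK34U
7hpPUSKhF4NYCNR1DuLWPx9RbXUndx3tYOwJzfu7f47XBxrOyqOGl5eWXU/KDyJs
rIhySi1xSTJKAKXk5+8pi9YfmcixQXsGnzR1aRaw1D3ochcUWYXe/44EBB4bK2Mi
MJBAposdOW8bONwKcQXFLXtUUkW3JfdzY+61OEuo647FtYPRPUMphIoEWuTiUPWj
XsTOXPpxew0hjd3LROueL3kQ+PuuMubdAdKj44ej4eXYKAyKPQx75jTczPYiiRah
/Eu+iiyTwfJhWiTX5WE5luQ0KGCx2Th3RgtrvaPTO+PrEQ+xVQnvkupS0XdA4Um1
HGosjPP3TDdfomVmrazfPUzX3en23xJ+9DIgSxfP0dfbBNZQqVI31A1MN4oBbm1k
iMXXOaKwwgChVwrB5F1XGEviKt5YU1l4SD+Bhqe37gJ/+NtnMo/PAdODnVRQOSV7
Oqnh5m2ZYOJN2SWcPS0hnsLsc0a9tsiY6MIj7+Lsfx2b7I4NB2NFLFWVVOfXNc49
DdVfl4Eqcbox/IpTYwMpdUnVaCb4zukiB66Vxs/+SSGqmKrFO6aObtLudcH2MhlK
Wg+QGH1A8W9keoHha+dhW9nwlLNncx9YP4ZwKMTNavUzxv8Mu1LQcLs4BZt3I/mq
wrL3sZVWnr4wh0QOPpBtQ2Bhratdswkg6bcWA7eUJpzCD/C4/lKOX60ZNpoU7G7Q
BJtvLnNbJB4j2iKsoip2spftb5iTFz3Fq5Q9g7BEQIjb5CJtwuWBDg/ZVhP2GD8m
884Hxp7atHRqz4COW3CV7NYX0HVJzYgZJnS9BpGAAa+TyvVUSwJhUHJJdgCRgfho
LGi5abZWRQkSmrWZzxqw/TGMHwvi6xUxQnyWvr35uQmtE9LT8e02iNP0Ukz3HCDX
aKzB+IbTjVJZfd/UWzS4/KrXpUwnQCnidTirXM+D7iX9rOH6EfeQ0TMWaYL1ZSX3
-----END RSA PRIVATE KEY-----`

// Subject: C=US, ST=Utah, L=SLC, O=Venafi, Inc., OU=Engineering, OU=Quality Assurance, CN=certafi-bonjo.venafi.com
//
// The leaf below and the two CA certificates in rootPEM are SHA-1 signed and
// expired in 2016-2017. The tests in this file only parse them; none of them
// performs chain or validity verification, and the fixtures would not pass it.
var certPEM = `-----BEGIN CERTIFICATE-----
MIIGmjCCBYKgAwIBAgIKVHuFEgABAABQyjANBgkqhkiG9w0BAQUFADBfMRMwEQYK
CZImiZPyLGQBGRYDY29tMRYwFAYKCZImiZPyLGQBGRYGdmVuYWZpMRUwEwYKCZIm
iZPyLGQBGRYFdmVucWExGTAXBgNVBAMTEFZlblFBIENsYXNzIEcgQ0EwHhcNMTYw
MjI2MTk0NzMwWhcNMTYwMzAyMTk0NzMwWjCBljELMAkGA1UEBhMCVVMxDTALBgNV
BAgTBFV0YWgxDDAKBgNVBAcTA1NMQzEVMBMGA1UEChMMVmVuYWZpLCBJbmMuMRQw
EgYDVQQLEwtFbmdpbmVlcmluZzEaMBgGA1UECxMRUXVhbGl0eSBBc3N1cmFuY2Ux
ITAfBgNVBAMTGGNlcnRhZmktYm9uam8udmVuYWZpLmNvbTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAN0E7Ez+UNB0gQa1YS25L/uQuacQkNva6RvAexRO
5ow9mZBRVbfYP/K3vvFgJpebUFuvyctidkco422dkWRFjX+6tTl2tgU9vFySkMg1
dP9Cy2LdiSibQf+SmqOTkeH0rgjQSOxUepHCdPP4FwfQV5J7SZEYPVTZ8AOBfyON
0ZxOjcw3RlT1EaJ0bBQM801J90F5KSvoEW8IL3Ttu4pYLSeb8KX5+xbJs6deQTSq
TDWIGxl+xvZLwcJwDXTWqOsx2XyynjfCTL/Ox/QkSSsLnRP0oG4xdW1Kkk8v4hef
6Zz/8nK7aJhR2aqybOjYBGFp61fXREUqJufjWKuzj0IgNEkCAwEAAaOCAx4wggMa
MB0GA1UdDgQWBBRHyE5rv1Il20ys6I5zblqwiPeNrzAfBgNVHSMEGDAWgBTzfiJW
xHk+5FI7Rch+opVcolhaeDCBsAYDVR0fBIGoMIGlMIGioIGfoIGchk9odHRwOi8v
dmVucWEtMms4LWljYTEudmVucWEudmVuYWZpLmNvbS9DZXJ0RW5yb2xsL1ZlblFB
JTIwQ2xhc3MlMjBHJTIwQ0EoMSkuY3JshklmaWxlOi8vVmVuUUEtMms4LUlDQTEu
dmVucWEudmVuYWZpLmNvbS9DZXJ0RW5yb2xsL1ZlblFBIENsYXNzIEcgQ0EoMSku
Y3JsMIIBggYIKwYBBQUHAQEEggF0MIIBcDCBvQYIKwYBBQUHMAKGgbBsZGFwOi8v
L0NOPVZlblFBJTIwQ2xhc3MlMjBHJTIwQ0EsQ049QUlBLENOPVB1YmxpYyUyMEtl
eSUyMFNlcnZpY2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9dmVu
cWEsREM9dmVuYWZpLERDPWNvbT9jQUNlcnRpZmljYXRlP2Jhc2U/b2JqZWN0Q2xh
c3M9Y2VydGlmaWNhdGlvbkF1dGhvcml0eTB1BggrBgEFBQcwAoZpZmlsZTovL1Zl
blFBLTJrOC1JQ0ExLnZlbnFhLnZlbmFmaS5jb20vQ2VydEVucm9sbC9WZW5RQS0y
azgtSUNBMS52ZW5xYS52ZW5hZmkuY29tX1ZlblFBIENsYXNzIEcgQ0EoMSkuY3J0
MDcGCCsGAQUFBzABhitodHRwOi8vdmVucWEtMms4LWljYTEudmVucWEudmVuYWZp
LmNvbS9vY3NwMAsGA1UdDwQEAwIFoDA7BgkrBgEEAYI3FQcELjAsBiQrBgEEAYI3
FQiBj4lyhISwavWdEIeW/3zEiRVggqTHRof7vysCAWQCARcwEwYDVR0lBAwwCgYI
KwYBBQUHAwEwGwYJKwYBBAGCNxUKBA4wDDAKBggrBgEFBQcDATAjBgNVHREEHDAa
ghhjZXJ0YWZpLWJvbmpvLnZlbmFmaS5jb20wDQYJKoZIhvcNAQEFBQADggEBAECq
dUFmousqf10dC6V8COtvwJlKw54e8RHbSCSmkkssd77X+vcZ76Nj9Jp9UJGd/ROQ
hQEkXWVklR38SU5Nh1Tb6Uj3yFgt4yLuOESLC7S+N7Qawwt4VgGlBrwx2eoRoU3r
5ptNL0yh3/EjN45727Ip8PW8TlTFESUVkMluZZJj+L8Hp3Ysp7dW4kZp4ACP7O3h
lD8dY3kNhPapH4zbgCUeX+eYONVF6v+hMBDdC26pfsTPxM0Q2wRnobazuRN4P2wj
buajuhfTXPNfJMm8WXuK54C5fkmh2AwVx/CosyAO1jvkgNz21l2dTLve/fXo5xrJ
qQvIVrfH+g+GOOdqFL8=
-----END CERTIFICATE-----`

// rootPEM holds the two CA certificates the tests use as the chain for
// certPEM: the issuing "VenQA Class G CA" certificate first, then the
// self-issued "VenQA CA" certificate.
var rootPEM = []string{`-----BEGIN CERTIFICATE-----
MIIGGzCCBQOgAwIBAgIKK0kjHQAAACaHWjANBgkqhkiG9w0BAQUFADBXMRMwEQYK
CZImiZPyLGQBGRYDY29tMRYwFAYKCZImiZPyLGQBGRYGdmVuYWZpMRUwEwYKCZIm
iZPyLGQBGRYFdmVucWExETAPBgNVBAMTCFZlblFBIENBMB4XDTE0MDMwOTA3MzIw
N1oXDTE2MDMwOTA3NDIwN1owXzETMBEGCgmSJomT8ixkARkWA2NvbTEWMBQGCgmS
JomT8ixkARkWBnZlbmFmaTEVMBMGCgmSJomT8ixkARkWBXZlbnFhMRkwFwYDVQQD
ExBWZW5RQSBDbGFzcyBHIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEArRMPTrwXRaD71Szy070JQC1lw+k9LfhD7tLqn7lr8Og242+lxFERFolQdYW6
v0uvcnZrJxGj+c3BJv7JLSdLumN4+N9z+COlHj2hIEmZuH//a3iKA5+Y+46wsWqM
MNFxonMUYDRtH/cocx/Ym7yE+8DyuTXc4zZ38hgFiusDrCH9d4zKEdQrPiLc5EgI
oewa0JFiudm7Kph2th75o+KwyUXEmfAUjIoGlCC7F/0GREPij7tOfgXKodNVXz3K
zfucg0p8vf3wd5K6xnzG1Fo/0o3GlHZmM5TfLDurx/mgmde8LftC6BHtdBC+pwp0
pvyMUJab0Br6AlZeZG04IrVPBwIDAQABo4IC3zCCAtswEgYJKwYBBAGCNxUBBAUC
AwEAATAjBgkrBgEEAYI3FQIEFgQUjR/UGsyByiYbUReb1Jzr9Tk5DmcwHQYDVR0O
BBYEFPN+IlbEeT7kUjtFyH6ilVyiWFp4MBkGCSsGAQQBgjcUAgQMHgoAUwB1AGIA
QwBBMAsGA1UdDwQEAwIBhjASBgNVHRMBAf8ECDAGAQH/AgEAMB8GA1UdIwQYMBaA
FEZWjbfYskbT3yHoRBI8UBNBLDsBMIIBWwYDVR0fBIIBUjCCAU4wggFKoIIBRqCC
AUKGP2h0dHA6Ly8yazgtdmVucWEtcGRjLnZlbnFhLnZlbmFmaS5jb20vQ2VydEVu
cm9sbC9WZW5RQSUyMENBLmNybIaBv2xkYXA6Ly8vQ049VmVuUUElMjBDQSxDTj0y
azgtdmVucWEtcGRjLENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxD
Tj1TZXJ2aWNlcyxDTj1Db25maWd1cmF0aW9uLERDPXZlbnFhLERDPXZlbmFmaSxE
Qz1jb20/Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNz
PWNSTERpc3RyaWJ1dGlvblBvaW50hj1maWxlOi8vMms4LXZlbnFhLXBkYy52ZW5x
YS52ZW5hZmkuY29tL0NlcnRFbnJvbGwvVmVuUUEgQ0EuY3JsMIHEBggrBgEFBQcB
AQSBtzCBtDCBsQYIKwYBBQUHMAKGgaRsZGFwOi8vL0NOPVZlblFBJTIwQ0EsQ049
QUlBLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNlcnZpY2VzLENOPUNv
bmZpZ3VyYXRpb24sREM9dmVucWEsREM9dmVuYWZpLERDPWNvbT9jQUNlcnRpZmlj
YXRlP2Jhc2U/b2JqZWN0Q2xhc3M9Y2VydGlmaWNhdGlvbkF1dGhvcml0eTANBgkq
hkiG9w0BAQUFAAOCAQEATNA8Cwul1UBQJHd+50b9g4jnXX7Kf+bUUmE9iJGOr2aB
E7/MAHGdjftvdJY0X+l1h8XS3Oaquo8trdGlxh9dBrQEYP2YlXnHgmY2xrI92bzd
ii3B9ZzLNKbMMPjowujZeB3GmytdNZvK+ghWZRZ9A2wNgYK4OTVJjlMDd9L8558T
yDnExeinI24X+z8CF1bYR5dX1NJThcwLwRPQd7EOQqYrfJV/7hsklbAypLAqePXt
P9B+DQ5bwFajgeL5en9UOfkJv34Y6xiZw5uZFuJD3QFqwpc5U6StaFfktYsKdYnK
2yktNHCiuRjFjzY27T2Ss2knEIbLjOJRZ+GRVxPm0Q==
-----END CERTIFICATE-----`,
	`-----BEGIN CERTIFICATE-----
MIIDnjCCAoagAwIBAgIQSTHIy/5JtJ5D2IopGzYu2zANBgkqhkiG9w0BAQUFADBX
MRMwEQYKCZImiZPyLGQBGRYDY29tMRYwFAYKCZImiZPyLGQBGRYGdmVuYWZpMRUw
EwYKCZImiZPyLGQBGRYFdmVucWExETAPBgNVBAMTCFZlblFBIENBMB4XDTEyMTEw
OTIyNDkwM1oXDTE3MTEwOTIyNTgzMlowVzETMBEGCgmSJomT8ixkARkWA2NvbTEW
MBQGCgmSJomT8ixkARkWBnZlbmFmaTEVMBMGCgmSJomT8ixkARkWBXZlbnFhMREw
DwYDVQQDEwhWZW5RQSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AJbrRU0aJwpditlw4c8PlLEc4vhtMuTIVCE2eGmQ3ozSByo/rgfbnyXjTIXR9Oyf
fbL/1wMQ3wieZ6+oPmrd+65rD+yKZc+jZPSzuZCklLgTmn5PhKq3qG6A/g9Ak6v8
Ubhhf5ohcdv8gzWo22h0KX+PL0RBZS+Zo+HfC8dVuB3ulTBAcxoOJcVW2BM0A5B6
VfAz+Haf2W3iq3qOq68XaRJh1/ul7eceufH/WHITNWXOLneudrWElm4iU82DbKVR
xVCkckTOtP3MY6F7iG1NxYaDCmv412arZTwqaGOaVt6a0fvF9S/fs4U+S5A8qRkN
8AF8vKF3tWArFnOfiZ+rHhsCAwEAAaNmMGQwEwYJKwYBBAGCNxQCBAYeBABDAEEw
CwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFEZWjbfYskbT
3yHoRBI8UBNBLDsBMBAGCSsGAQQBgjcVAQQDAgEAMA0GCSqGSIb3DQEBBQUAA4IB
AQAVuy2zduBG6XXUTx5gnZQlAa+fuPv/7G332XOUqct6D5RdUN9Ud9Q3c1GcUrdx
t71om/qWw1JhgnvHY2Ilopq1EtwYcrpf+Vq8FGK0eZKkT70AKEgSM6+86as7sqQs
3nIoJFBYOBLm1Dz4zms51Vgi75qCl4sW0TksIPqF6ZFRsHTyfaNp+6tDncivhfJ0
/72oturg7T2X2Voj2F74mO3+ulzdXH06xbd1NFRozaYgEB21U5S0shSrdOGHB1R8
tgKbuMWPjeVvjGy45NK5XTIDQLzr9fbLM3+7ODfbj0qtvvvpqrUwlhKn3052RgNL
2pDjcSrk0YMU5/VX4IWr7vrZ
-----END CERTIFICATE-----`}

// TestNewPEMCollection checks that NewPEMCollection accepts all-nil arguments
// and that a certificate, private key and password yield a collection whose
// Certificate and PrivateKey fields are both populated.
func TestNewPEMCollection(t *testing.T) {
	if _, err := NewPEMCollection(nil, nil, nil); err != nil {
		t.Fatalf("NewCollection should be created with a nil certificate")
	}

	cert, pk, err := generateTestCertificate()
	if err != nil {
		t.Fatalf("Error generating test certificate\nError: %s", err)
	}

	col, err := NewPEMCollection(cert, pk, []byte("test"))
	if err != nil {
		t.Fatalf("Error creating collection. Error: %s", err)
	}
	if col.Certificate == "" {
		t.Fatalf("PEMCertificate in collection is empty")
	}
	if col.PrivateKey == "" {
		t.Fatalf("PEMPrivateKey in collection is empty")
	}
}

// TestAddChainElementToPEMCollection builds a collection from the certPEM and
// pkPEM fixtures and checks that adding both rootPEM certificates through
// AddChainElement leaves exactly two chain entries.
func TestAddChainElementToPEMCollection(t *testing.T) {
	p, _ := pem.Decode([]byte(pkPEM))
	if p == nil {
		// pem.Decode returns a nil block on malformed input; fail here
		// instead of dereferencing it below.
		t.Fatalf("Error: %s", "no PEM block found in private key fixture")
	}
	// x509.DecryptPEMBlock is deprecated: RFC 1423 PEM encryption does not
	// authenticate the ciphertext. It is used here only to unwrap the
	// checked-in fixture and should not be copied into code that handles
	// real key material.
	b, err := x509.DecryptPEMBlock(p, []byte("Passw0rd"))
	if err != nil {
		t.Fatalf("Error: %s", err)
	}
	pk, err := x509.ParsePKCS1PrivateKey(b)
	if err != nil {
		t.Fatalf("Error: %s", err)
	}

	p, _ = pem.Decode([]byte(certPEM))
	if p == nil {
		t.Fatalf("Error: %s", "no PEM block found in certificate fixture")
	}
	cert, err := x509.ParseCertificate(p.Bytes)
	if err != nil {
		t.Fatalf("Error: %s", err)
	}

	col, err := NewPEMCollection(cert, pk, nil)
	if err != nil {
		t.Fatalf("Error: %s", err)
	}

	for _, s := range rootPEM {
		p, _ = pem.Decode([]byte(s))
		if p == nil {
			t.Fatalf("Error: %s", "no PEM block found in chain fixture")
		}
		root, err := x509.ParseCertificate(p.Bytes)
		if err != nil {
			t.Fatalf("Error: %s", err)
		}

		if err = col.AddChainElement(root); err != nil {
			t.Fatalf("Error: %s", err)
		}
	}

	if len(col.Chain) != 2 {
		t.Fatalf("PEM Chain did not contain the expected number of elements 2, actual count %d", len(col.Chain))
	}
}

// TestPEMCollectionFromBytes feeds PEMCollectionFromBytes concatenated PEM
// input in several layouts (empty, leaf first, root first, no chain, leaf
// only) and checks which certificate ends up as the leaf, whether a private
// key was picked up, and how many chain elements were collected.
func TestPEMCollectionFromBytes(t *testing.T) {
	const wantCN = "certafi-bonjo.venafi.com"

	// join concatenates PEM blocks separated by a single newline.
	join := func(parts ...string) []byte {
		return []byte(strings.Join(parts, "\n"))
	}

	// requireLeaf fails the test unless leafPEM decodes to a certificate
	// whose subject CN is wantCN. A missing PEM block is reported as a test
	// failure rather than a nil-pointer panic.
	requireLeaf := func(leafPEM string, input []byte) {
		p, _ := pem.Decode([]byte(leafPEM))
		if p == nil {
			t.Fatalf("failed read certificate from bytes: %v\nbytes:%s", "no PEM block in collection certificate", string(input))
		}
		cert, err := x509.ParseCertificate(p.Bytes)
		if err != nil || cert.Subject.CommonName != wantCN {
			t.Fatalf("failed read certificate from bytes: %v\nbytes:%s", err, string(input))
		}
	}

	t.Log("empty")
	if _, err := PEMCollectionFromBytes([]byte{}, ChainOptionRootLast); err != nil {
		t.Fatalf("Error: %s", err)
	}

	t.Log("default order (cert first)")
	buf := join(certPEM, rootPEM[0], rootPEM[1], pkPEM)
	pcc, err := PEMCollectionFromBytes(buf, ChainOptionRootLast)
	if err != nil {
		t.Fatalf("Error: %s", err)
	}
	requireLeaf(pcc.Certificate, buf)
	if pcc.PrivateKey == "" {
		t.Fatalf("failed to read private key from bytes: %s", string(buf))
	}
	if len(pcc.Chain) != 2 {
		t.Fatalf("failed to read chain from bytes: %s", string(buf))
	}

	t.Log("reverse order (chain first)")
	buf = join(rootPEM[1], rootPEM[0], certPEM, pkPEM)
	pcc, err = PEMCollectionFromBytes(buf, ChainOptionRootFirst)
	if err != nil {
		t.Fatalf("Error: %s", err)
	}
	requireLeaf(pcc.Certificate, buf)
	if pcc.PrivateKey == "" {
		t.Fatalf("failed to read private key from bytes: %s", string(buf))
	}
	if len(pcc.Chain) != 2 {
		t.Fatalf("failed to read chain from bytes: %s", string(buf))
	}

	t.Log("no chain")
	buf = join(certPEM, pkPEM)
	pcc, err = PEMCollectionFromBytes(buf, ChainOptionRootLast)
	if err != nil {
		t.Fatalf("Error: %s", err)
	}
	requireLeaf(pcc.Certificate, buf)
	if pcc.PrivateKey == "" {
		t.Fatalf("failed to read private key from bytes: %s", string(buf))
	}
	if len(pcc.Chain) != 0 {
		t.Fatalf("should be no chaing in bytes: %s", string(buf))
	}

	t.Log("cert only")
	buf = []byte(certPEM)
	pcc, err = PEMCollectionFromBytes(buf, ChainOptionRootLast)
	if err != nil {
		t.Fatalf("Error: %s", err)
	}
	requireLeaf(pcc.Certificate, buf)

	pcc, err = PEMCollectionFromBytes(buf, ChainOptionRootFirst)
	if err != nil {
		t.Fatalf("Error: %s", err)
	}
	requireLeaf(pcc.Certificate, buf)
	if pcc.PrivateKey != "" {
		t.Fatalf("should be no private key in bytes: %s", string(buf))
	}
	if len(pcc.Chain) != 0 {
		t.Fatalf("should be no chaing in bytes: %s", string(buf))
	}
}

// TestAddPrivateKey checks that AddPrivateKey stores an encrypted PEM key when
// given a non-empty password and an unencrypted one when the password is nil
// or empty. Every error return is checked, so a failing AddPrivateKey cannot
// pass the "not ENCRYPTED" assertions with an empty PrivateKey field.
func TestAddPrivateKey(t *testing.T) {
	// A 512-bit RSA key is a throwaway fixture chosen for speed; it offers no
	// security. NOTE(review): recent Go releases reject RSA keys below 1024
	// bits in crypto/rsa, so if GenerateRSAPrivateKey wraps rsa.GenerateKey
	// this call may fail there -- confirm; the error is checked so that such
	// a failure is reported clearly.
	pk, err := GenerateRSAPrivateKey(512)
	if err != nil {
		t.Fatalf("Error generating test private key: %s", err)
	}

	// The encrypted case needs a non-empty password; the empty-password case
	// below expects an unencrypted key, so an unset variable could only ever
	// fail the "ENCRYPTED" assertion with a misleading message.
	password := os.Getenv(util.ENV_DUMMY_PASS)
	if password == "" {
		t.Fatalf("environment variable %s must hold a non-empty dummy password", util.ENV_DUMMY_PASS)
	}

	pcc, err := NewPEMCollection(nil, nil, nil)
	if err != nil {
		t.Fatalf("Error creating collection. Error: %s", err)
	}
	err = pcc.AddPrivateKey(pk, []byte(password))
	if !strings.Contains(pcc.PrivateKey, "PRIVATE KEY") || err != nil {
		t.Fatalf("collection should have PEM encoded private key")
	}
	if !strings.Contains(pcc.PrivateKey, "ENCRYPTED") {
		t.Fatalf("collection should have private key being encrypted")
	}

	// Both a nil and an empty password must produce an unencrypted key.
	for _, noPassword := range [][]byte{nil, []byte("")} {
		pcc, err := NewPEMCollection(nil, nil, nil)
		if err != nil {
			t.Fatalf("Error creating collection. Error: %s", err)
		}
		if err := pcc.AddPrivateKey(pk, noPassword); err != nil {
			t.Fatalf("collection should have private key being un-encrypted: %s", err)
		}
		if !strings.Contains(pcc.PrivateKey, "PRIVATE KEY") || strings.Contains(pcc.PrivateKey, "ENCRYPTED") {
			t.Fatalf("collection should have private key being un-encrypted")
		}
	}
}

// TestChainOptionFromString checks that ChainOptionFromString matches its
// input case-insensitively and that the test's unrecognized value is expected
// to map to ChainOptionRootLast.
func TestChainOptionFromString(t *testing.T) {
	if co := ChainOptionFromString("RoOt-fIrSt"); co != ChainOptionRootFirst {
		t.Fatalf("ChainOptionFromString did not return the expected value of %v -- Actual value %v", ChainOptionRootFirst, co)
	}
	if co := ChainOptionFromString("IGNORE"); co != ChainOptionIgnore {
		t.Fatalf("ChainOptionFromString did not return the expected value of %v -- Actual value %v", ChainOptionIgnore, co)
	}
	if co := ChainOptionFromString("RoOt-LaSt"); co != ChainOptionRootLast {
		t.Fatalf("ChainOptionFromString did not return the expected value of %v -- Actual value %v", ChainOptionRootLast, co)
	}
	// Anything unrecognized is expected to fall back to root-last.
	if co := ChainOptionFromString("some value"); co != ChainOptionRootLast {
		t.Fatalf("ChainOptionFromString did not return the expected value of %v -- Actual value %v", ChainOptionRootLast, co)
	}
}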