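// File: github.com/aporeto-inc/trireme-lib@v10.358.0+incompatible/controller/pkg/secrets/testhelper/testhelper.go

package testhelper

import (
	"crypto/x509"
	"fmt"

	"go.aporeto.io/enforcerd/trireme-lib/controller/pkg/claimsheader"
	"go.aporeto.io/enforcerd/trireme-lib/controller/pkg/pkiverifier"
	"go.aporeto.io/enforcerd/trireme-lib/controller/pkg/secrets"
	"go.aporeto.io/enforcerd/trireme-lib/controller/pkg/secrets/compactpki"
	"go.aporeto.io/enforcerd/trireme-lib/utils/crypto"
)

// **** ATTENTION ****
// This package exists only to help other packages write unit tests.
// It is a very valid question why they are not using a mock instead.
//
// The EC private keys below are committed to source control and are therefore
// public. Treat them as compromised test fixtures: nothing signed by them
// should ever be trusted outside a unit test, and this package should only be
// imported from _test.go files.

// Test fixtures (PEM encoded).
//
// NOTE(review): both certificates carry a fixed validity window; the encoded
// notAfter appears to be March 2028 (confirm with `openssl x509 -noout -dates`).
// Tests that verify expiry will start failing once that date passes.
var (
	// caPEM is the CA certificate handed to compactpki as the token CA.
	caPEM = `-----BEGIN CERTIFICATE-----
MIIBmzCCAUCgAwIBAgIRAIbf7tsXeg6vUJ2pe3WXzgwwCgYIKoZIzj0EAwIwPDEQ
MA4GA1UEChMHQXBvcmV0bzEPMA0GA1UECxMGYXBvbXV4MRcwFQYDVQQDEw5BcG9t
dXggUm9vdCBDQTAeFw0xODA1MDExODM3MjNaFw0yODAzMDkxODM3MjNaMDwxEDAO
BgNVBAoTB0Fwb3JldG8xDzANBgNVBAsTBmFwb211eDEXMBUGA1UEAxMOQXBvbXV4
IFJvb3QgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcpOm4VAWyNcI4/WZP
qj9EBu5XWQppyG2LoXVYNv1YCfJBFYuVERxVaZEcUJ0ceE/doFyphS1Ohw3QjqDQ
xakeoyMwITAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjO
PQQDAgNJADBGAiEA+OL+qkSyXwLu6P/75kXBPo8fFGvXyX2vYis0hUAyHJcCIQCn
86EFqkJDkeAguDEKvVtORcnxl+rAP924/PJAHLMh6Q==
-----END CERTIFICATE-----`
	// caKeyPEM is an EC private key; presumably the key behind caPEM — TODO confirm.
	caKeyPEM = `-----BEGIN EC PRIVATE KEY-----
MHcCAQEEILpUWKqL6Sr+HrKDKLHt/vN6EYi22rJKV2q9xgKmiCqioAoGCCqGSM49
AwEHoUQDQgAEHKTpuFQFsjXCOP1mT6o/RAbuV1kKachti6F1WDb9WAnyQRWLlREc
VWmRHFCdHHhP3aBcqYUtTocN0I6g0MWpHg==
-----END EC PRIVATE KEY-----`
	// privateKeyPEM is an EC private key; presumably the key behind publicPEM — TODO confirm.
	privateKeyPEM = `-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIGx017ukBSUSddLXefL/5nxxaRXuM1H/tUxQAYxWBrQtoAoGCCqGSM49
AwEHoUQDQgAEZKBbcTmg0hGyVcgsUH7xijvaNOJ3EPM3Oq08VdCBsPNAojAR9wfX
KLO/w0SRKj1DL03a9dl1Gwk0r7F0VnPQyw==
-----END EC PRIVATE KEY-----`
	// publicPEM is the certificate returned to callers and used as the token key.
	publicPEM = `-----BEGIN CERTIFICATE-----
MIIBsDCCAVagAwIBAgIRAOmitRugFU+nAhiGsp6fYOwwCgYIKoZIzj0EAwIwPDEQ
MA4GA1UEChMHQXBvcmV0bzEPMA0GA1UECxMGYXBvbXV4MRcwFQYDVQQDEw5BcG9t
dXggUm9vdCBDQTAeFw0xODA1MDExODQwMzFaFw0yODAzMDkxODQwMzFaMDYxETAP
BgNVBAoTCHNvbWUgb3JnMRIwEAYDVQQLEwlzb21lLXVuaXQxDTALBgNVBAMTBHRl
c3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARkoFtxOaDSEbJVyCxQfvGKO9o0
4ncQ8zc6rTxV0IGw80CiMBH3B9cos7/DRJEqPUMvTdr12XUbCTSvsXRWc9DLoz8w
PTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMB
MAwGA1UdEwEB/wQCMAAwCgYIKoZIzj0EAwIDSAAwRQIgBNYmLdmHI2gKy2NqfSXn
MEDF56xWq7son2mcSePvLU8CIQCUxgYfDZDf067Y7vqLw1mWMlSnqECELnq7zel1
fXtpyA==
-----END CERTIFICATE-----`
)

// createTxtToken creates a transmitter token for publicPEM, issued with the
// key parsed from caKeyPEM. It panics if a fixture cannot be parsed or the
// token cannot be created; the panic message carries the underlying error so
// a broken fixture can be diagnosed from the test output.
//
// NOTE(review): nothing in this file calls createTxtToken; confirm whether
// another file in the package still needs it.
func createTxtToken() []byte {
	caKey, err := crypto.LoadEllipticCurveKey([]byte(caKeyPEM))
	if err != nil {
		panic(fmt.Sprintf("bad ca key: %v", err))
	}

	clientCert, err := crypto.LoadCertificate([]byte(publicPEM))
	if err != nil {
		panic(fmt.Sprintf("bad client cert: %v", err))
	}

	p := pkiverifier.NewPKIIssuer(caKey)
	token, err := p.CreateTokenFromCertificate(clientCert, []string{})
	if err != nil {
		panic(fmt.Sprintf("can't create token: %v", err))
	}
	return token
}

// NewTestCompactPKISecrets creates test secrets from the embedded fixtures.
//
// It returns the certificate parsed from publicPEM together with the secrets
// built by compactpki.NewCompactPKIWithTokenCA, or the first error hit while
// parsing the fixtures, issuing the token or building the secrets. Errors are
// wrapped with the failing step and remain reachable via errors.Is/As.
//
// The transmitter token here is issued with privateKeyPEM (not caKeyPEM, as
// createTxtToken does), and publicPEM is registered as the ControllerInfo
// public key. NOTE(review): presumably this is what lets the token verify
// against the registered key — confirm against compactpki.
func NewTestCompactPKISecrets() (*x509.Certificate, secrets.Secrets, error) {
	txtKey, err := crypto.LoadEllipticCurveKey([]byte(privateKeyPEM))
	if err != nil {
		return nil, nil, fmt.Errorf("loading test private key: %w", err)
	}

	cert, err := crypto.LoadCertificate([]byte(publicPEM))
	if err != nil {
		return nil, nil, fmt.Errorf("loading test certificate: %w", err)
	}

	issuer := pkiverifier.NewPKIIssuer(txtKey)
	txtToken, err := issuer.CreateTokenFromCertificate(cert, []string{})
	if err != nil {
		return nil, nil, fmt.Errorf("creating transmitter token: %w", err)
	}

	tokenKey := &secrets.ControllerInfo{
		PublicKey: []byte(publicPEM),
	}

	scrts, err := compactpki.NewCompactPKIWithTokenCA(
		[]byte(privateKeyPEM),
		[]byte(publicPEM),
		[]byte(caPEM),
		[]*secrets.ControllerInfo{tokenKey},
		txtToken,
		claimsheader.CompressionTypeV1,
	)
	if err != nil {
		return nil, nil, fmt.Errorf("building compact PKI secrets: %w", err)
	}

	return cert, scrts, nil
}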