
     1  /*
     2  © 2021–present Harald Rudell <harald.rudell@gmail.com> (https://haraldrudell.github.io/haraldrudell/)
     3  ISC License
     4  */
     5  
     6  package parlca
     7  
     8  import (
     9  	"crypto/x509"
    10  	"io/fs"
    11  	"os"
    12  	"path/filepath"
    13  	"strings"
    14  	"testing"
    15  
    16  	"github.com/haraldrudell/parl"
    17  	"github.com/haraldrudell/parl/perrors"
    18  	"github.com/haraldrudell/parl/pos"
    19  )
    20  
// The key and certificate files optionally written by TestNewSelfSigned can be
// inspected with openssl, for example:
//   /usr/local/opt/openssl/bin/openssl x509 -in cert.der -inform der -noout -text
//   openssl x509 -in /etc/ssl/certs/VeriSign_Universal_Root_Certification_Authority.pem -inform pem -noout -text
    23  
// Settings for the optional key/certificate dumps made by TestNewSelfSigned:
// file extensions, the permission used when creating those files, and the
// openssl binary named in the logged inspection commands.
const (
	// ssDerExt is the extension for binary DER-encoded output
	ssDerExt = ".der"
	// ssPemExt is the extension for PEM (base64-armored) output
	ssPemExt = ".pem"
	// writeFileModeUrw is owner read/write only: private keys are among the
	// files written, so nothing wider is appropriate
	writeFileModeUrw fs.FileMode = 0o600
	// openssl is a host-specific Homebrew path and only appears in log output.
	// NOTE(review): openssl@1.1 is end-of-life; point this at a maintained
	// build (or plain "openssl" on PATH) when adjusting for another machine.
	openssl = "/opt/homebrew/Cellar/openssl@1.1/1.1.1o/bin/openssl"
)
    30  
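// TestNewSelfSigned creates a self-signed certificate authority for each
// supported public-key algorithm (Ed25519, RSA, ECDSA) and verifies that the
// resulting certificate passes CertificateAuthority.Check and carries a key
// of the requested algorithm.
//
// With doWriteFiles set to true the private keys, public keys and CA
// certificates are additionally written to the user's home directory for
// inspection with openssl; the matching openssl command is logged for each
// file. Because that puts CA private key material on disk, the test is
// deliberately failed in that mode so the switch cannot be left enabled.
//
// Consumers of these artifacts, per the original author's notes: an
// http.Server takes TLSConfig *tls.Config, whose Certificates []tls.Certificate
// hold Certificate [][]byte and PrivateKey crypto.PrivateKey; pkix.Name and
// x509.Certificate are used to build the certificate itself.
func TestNewSelfSigned(t *testing.T) {
	// doWriteFiles writes keys and certificates to user’s home directory
	doWriteFiles := false
	writeDir := pos.UserHomeDir()

	// dump writes data to writeDir/name, logs the path and the openssl command
	// that inspects it, and fails the test on a write error instead of
	// silently dropping it. inspectFormat takes two %s: the openssl path and
	// the file name.
	dump := func(name string, data []byte, inspectFormat string) {
		filename := filepath.Join(writeDir, name)
		t.Logf("Writing: %s", filename)
		// writeBytes creates new files 0600; a pre-existing file keeps its mode
		if err := writeBytes(filename, data); err != nil {
			t.Fatalf("writing %s: %s", filename, perrors.Short(err))
		}
		t.Logf(inspectFormat, openssl, filename)
	}

	for _, algo := range []x509.PublicKeyAlgorithm{x509.Ed25519, x509.RSA, x509.ECDSA} {
		algoName := strings.ToLower(algo.String())

		// create private and public key
		privateKey, err := NewPrivateKey(algo)
		if err != nil {
			t.Fatalf("NewPrivateKey %s %s", algo.String(), perrors.Short(err))
		}

		if doWriteFiles {
			dump("ca-"+algoName+"-private"+ssDerExt, privateKey.DERe(),
				"%s pkey -inform DER -in %s -text -noout")
			dump("ca-"+algoName+"-private"+ssPemExt, privateKey.PEMe(),
				"%s pkey -in %s -text -noout")
			// public der does not work (original note: openssl does not
			// read this DER form with -pubin — unverified here)
			dump("ca-"+algoName+"-public"+ssDerExt, privateKey.PublicKey().DERe(),
				"%s pkey -inform DER -in %s -text -noout -pubin")
			dump("ca-"+algoName+"-public"+ssPemExt, privateKey.PublicKey().PEMe(),
				"%s pkey -in %s -text -noout -pubin")
		}

		// create certificate authority
		ca, err := NewSelfSigned("", algo)
		if err != nil {
			// stop here: ca is unusable on error and would be dereferenced below
			t.Fatalf("NewSelfSigned %s %s ", algo.String(), perrors.Short(err))
		}

		if doWriteFiles {
			dump("ca-"+algoName+ssDerExt, ca.DER(),
				"%s x509 -in %s -inform der -noout -text")
			dump("ca-"+algoName+ssPemExt, ca.PEM(),
				"%s x509 -in %s -noout -text")
		}

		// CertificateAuthority.Check parses and validates the CA certificate
		x509Certificate, err := ca.Check()
		if err != nil {
			t.Fatalf("ca.Check %s: %s", algo.String(), perrors.Short(err))
		}
		if x509Certificate == nil {
			t.Fatalf("ca.Check %s: nil certificate without error", algo.String())
		}
		// the certificate must carry a key of the algorithm it was created with
		if x509Certificate.PublicKeyAlgorithm != algo {
			t.Errorf("ca.Check %s: certificate public key algorithm is %s",
				algo.String(), x509Certificate.PublicKeyAlgorithm.String())
		}
	}

	if doWriteFiles {
		// never let the file-writing mode pass: it leaves CA private keys in $HOME
		t.Fail()
	}
}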
   115  
// writeBytes writes bytes to filename, creating the file or truncating an
// existing one.
//
// New files are created owner read/write only (0600) since callers write
// private key material; an existing file keeps whatever mode it already has,
// because truncation does not change permissions. A Close failure is appended
// to the write error so neither is lost.
func writeBytes(filename string, bytes []byte) (err error) {
	f, err := os.OpenFile(filename, os.O_WRONLY|os.O_TRUNC|os.O_CREATE, 0600)
	if err != nil {
		return perrors.Errorf("os.OpenFile %q: '%w'", filename, err)
	}
	defer func() {
		// report a close failure even when the write itself succeeded
		if closeErr := f.Close(); closeErr != nil {
			err = perrors.AppendError(err, closeErr)
		}
	}()
	_, err = f.Write(bytes)
	return err
}