// Source: github.com/openshift/installer@v1.4.17/pkg/asset/tls/tls_test.go

package tls

import (
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"testing"
	"time"
)

// TestSelfSignedCertificate checks that SelfSignedCertificate returns an error
// exactly when the table expects one.
//
// Only the presence of an error is compared. The returned certificate is
// discarded, so its contents (CA flag, key usages, validity window) are not
// verified by this test.
func TestSelfSignedCertificate(t *testing.T) {
	key, err := PrivateKey()
	if err != nil {
		t.Fatalf("Failed to generate Private Key: %v", err)
	}

	// Every row requests the same key usages, including certificate signing.
	caUsages := x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign

	tests := []struct {
		cfg     *CertCfg
		wantErr bool
	}{
		// Fully populated CA configuration: accepted.
		{
			cfg: &CertCfg{
				Validity:  time.Hour * 5,
				KeyUsages: caUsages,
				Subject: pkix.Name{
					CommonName:         "root_ca",
					OrganizationalUnit: []string{"openshift"},
				},
				IsCA: true,
			},
			wantErr: false,
		},
		// Common name only, IsCA false, no validity: rejected.
		// NOTE(review): this row differs from the accepted one in three fields
		// (Validity, OrganizationalUnit, IsCA), so it does not show which of
		// them triggers the rejection.
		{
			cfg: &CertCfg{
				KeyUsages: caUsages,
				Subject: pkix.Name{
					CommonName: "root_ca",
				},
				IsCA: false,
			},
			wantErr: true,
		},
		// Organizational unit only, no common name: rejected.
		// NOTE(review): Validity and IsCA are also left at their zero values
		// here, so the missing common name is not isolated as the cause.
		{
			cfg: &CertCfg{
				KeyUsages: caUsages,
				Subject: pkix.Name{
					OrganizationalUnit: []string{"openshift"},
				},
			},
			wantErr: true,
		},
	}

	for idx, tc := range tests {
		_, certErr := SelfSignedCertificate(tc.cfg, key)
		if (certErr != nil) == tc.wantErr {
			continue
		}
		// Pick the word that makes the failure message read naturally.
		article := "no"
		if tc.wantErr {
			article = "an"
		}
		t.Errorf("test case %d: expected %s error, got %v", idx, article, certErr)
	}
}

// TestSignedCertificate builds certificate signing requests from a table of
// subjects and checks whether x509.CreateCertificateRequest fails as expected.
//
// NOTE(review): despite its name, nothing in this function calls a signing
// routine from this package; only the standard library's CSR creation is
// exercised. Confirm that certificate signing is covered elsewhere.
func TestSignedCertificate(t *testing.T) {
	key, err := PrivateKey()
	if err != nil {
		t.Fatalf("Failed to generate private key: %v", err)
	}

	tests := []struct {
		subject pkix.Name
		sigAlg  x509.SignatureAlgorithm
		wantErr bool
	}{
		// Subject with common name and organizational unit: accepted.
		{
			subject: pkix.Name{
				CommonName:         "csr",
				OrganizationalUnit: []string{"openshift"},
			},
			wantErr: false,
		},
		// An empty subject is accepted at the CSR-creation step.
		{
			subject: pkix.Name{},
			wantErr: false,
		},
		// 123 does not correspond to any SignatureAlgorithm constant in
		// crypto/x509, so CSR creation is expected to fail.
		{
			subject: pkix.Name{
				CommonName:         "csr-wrong-alg",
				OrganizationalUnit: []string{"openshift"},
			},
			sigAlg:  123,
			wantErr: true,
		},
	}

	for idx, tc := range tests {
		tmpl := &x509.CertificateRequest{
			Subject:            tc.subject,
			SignatureAlgorithm: tc.sigAlg,
		}
		_, csrErr := x509.CreateCertificateRequest(rand.Reader, tmpl, key)
		if (csrErr != nil) == tc.wantErr {
			continue
		}
		// Pick the word that makes the failure message read naturally.
		article := "no"
		if tc.wantErr {
			article = "an"
		}
		t.Errorf("test case %d: expected %s error, got %v", idx, article, csrErr)
	}
}