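// Source: k8s.io/client-go@v0.22.2/util/keyutil/key_test.go

/*
Copyright 2018 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package keyutil

import (
	"io/ioutil"
	"os"
	"testing"
)

// The constants below are parser fixtures. The private keys are published in
// this source file, so they carry no secrecy and must never be reused as real
// credentials.
const (
	// rsaPrivateKey is an RSA private key in PKCS#1 format, PEM encoded.
	// openssl genrsa -out rsa2048.pem 2048
	rsaPrivateKey = `-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA92mVjhBKOFsdxFzb/Pjq+7b5TJlODAdY5hK+WxLZTIrfhDPq
FWrGKdjSNiHbXrdEtwJh9V+RqPZVSN3aWy1224RgkyNdMJsXhJKuCC24ZKY8SXtW
xuTYmMRaMnCsv6QBGRTIbZ2EFbAObVM7lDyv1VqY3amZIWFQMlZ9CNpxDSPa5yi4
3gopbXkne0oGNmey9X0qtpk7NMZIgAL6Zz4rZ30bcfC2ag6RLOFI2E/c4n8c38R8
9MfXfLkj8/Cxo4JfI9NvRCpPOpFO8d/ZtWVUuIrBQN+Y7tkN2T60Qq/TkKXUrhDe
fwlTlktZVJ/GztLYU41b2GcWsh/XO+PH831rmwIDAQABAoIBAQCC9c6GDjVbM0/E
WurPMusfJjE7zII1d8YkspM0HfwLug6qKdikUYpnKC/NG4rEzfl/bbFwco/lgc6O
7W/hh2U8uQttlvCDA/Uk5YddKOZL0Hpk4vaB/SxxYK3luSKXpjY2knutGg2KdVCN
qdsFkkH4iyYTXuyBcMNEgedZQldI/kEujIH/L7FE+DF5TMzT4lHhozDoG+fy564q
qVGUZXJn0ubc3GaPn2QOLNNM44sfYA4UJCpKBXPu85bvNObjxVQO4WqwwxU1vRnL
UUsaGaelhSVJCo0dVPRvrfPPKZ09HTwpy40EkgQo6VriFc1EBoQDjENLbAJv9OfQ
aCc9wiZhAoGBAP/8oEy48Zbb0P8Vdy4djf5tfBW8yXFLWzXewJ4l3itKS1r42nbX
9q3cJsgRTQm8uRcMIpWxsc3n6zG+lREvTkoTB3ViI7+uQPiqA+BtWyNy7jzufFke
ONKZfg7QxxmYRWZBRnoNGNbMpNeERuLmhvQuom9D1WbhzAYJbfs/O4WTAoGBAPds
2FNDU0gaesFDdkIUGq1nIJqRQDW485LXZm4pFqBFxdOpbdWRuYT2XZjd3fD0XY98
Nhkpb7NTMCuK3BdKcqIptt+cK+quQgYid0hhhgZbpCQ5AL6c6KgyjgpYlh2enzU9
Zo3yg8ej1zbbA11sBlhX+5iO2P1u5DG+JHLwUUbZAoGAUwaU102EzfEtsA4+QW7E
hyjrfgFlNKHES4yb3K9bh57pIfBkqvcQwwMMcQdrfSUAw0DkVrjzel0mI1Q09QXq
1ould6UFAz55RC2gZEITtUOpkYmoOx9aPrQZ9qQwb1S77ZZuTVfCHqjxLhVxCFbM
npYhiQTvShciHTMhwMOZgpECgYAVV5EtVXBYltgh1YTc3EkUzgF087R7LdHsx6Gx
POATwRD4WfP8aQ58lpeqOPEM+LcdSlSMRRO6fyF3kAm+BJDwxfJdRWZQXumZB94M
I0VhRQRaj4Qt7PDwmTPBVrTUJzuKZxpyggm17b8Bn1Ch/VBqzGQKW8AB1E/grosM
UwhfuQKBgQC2JO/iqTQScHClf0qlItCJsBuVukFmSAVCkpOD8YdbdlPdOOwSk1wQ
C0eAlsC3BCMvkpidKQmra6IqIrvTGI6EFgkrb3aknWdup2w8j2udYCNqyE3W+fVe
p8FdYQ1FkACQ+daO5VlClL/9l0sGjKXlNKbpmJ2H4ngZmXj5uGmxuQ==
-----END RSA PRIVATE KEY-----`

	// rsaPublicKey is the RSA public key derived from rsaPrivateKey, PEM encoded.
	// openssl rsa -in rsa2048.pem -pubout -out rsa2048pub.pem
	rsaPublicKey = `-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA92mVjhBKOFsdxFzb/Pjq
+7b5TJlODAdY5hK+WxLZTIrfhDPqFWrGKdjSNiHbXrdEtwJh9V+RqPZVSN3aWy12
24RgkyNdMJsXhJKuCC24ZKY8SXtWxuTYmMRaMnCsv6QBGRTIbZ2EFbAObVM7lDyv
1VqY3amZIWFQMlZ9CNpxDSPa5yi43gopbXkne0oGNmey9X0qtpk7NMZIgAL6Zz4r
Z30bcfC2ag6RLOFI2E/c4n8c38R89MfXfLkj8/Cxo4JfI9NvRCpPOpFO8d/ZtWVU
uIrBQN+Y7tkN2T60Qq/TkKXUrhDefwlTlktZVJ/GztLYU41b2GcWsh/XO+PH831r
mwIDAQAB
-----END PUBLIC KEY-----`

	// certificate is a self-signed x509 certificate over the RSA key, PEM encoded.
	// openssl req -new -key rsa2048.pem -sha256 -nodes -x509 -days 1826 -out x509certificate.pem -subj "/C=US/CN=not-valid"
	//
	// NOTE(review): with -days 1826 the encoded validity window appears to run
	// from 2017-03-22 to 2022-03-22, so the certificate is past its notAfter
	// date. TestReadPublicKeys still expects one key to be returned from it,
	// which suggests PublicKeysFromFile extracts the key without checking
	// validity - confirm against the implementation before relying on that
	// function for any trust decision.
	certificate = `-----BEGIN CERTIFICATE-----
MIIDFTCCAf2gAwIBAgIJAN8B8NOwtiUCMA0GCSqGSIb3DQEBCwUAMCExCzAJBgNV
BAYTAlVTMRIwEAYDVQQDDAlub3QtdmFsaWQwHhcNMTcwMzIyMDI1NjM2WhcNMjIw
MzIyMDI1NjM2WjAhMQswCQYDVQQGEwJVUzESMBAGA1UEAwwJbm90LXZhbGlkMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA92mVjhBKOFsdxFzb/Pjq+7b5
TJlODAdY5hK+WxLZTIrfhDPqFWrGKdjSNiHbXrdEtwJh9V+RqPZVSN3aWy1224Rg
kyNdMJsXhJKuCC24ZKY8SXtWxuTYmMRaMnCsv6QBGRTIbZ2EFbAObVM7lDyv1VqY
3amZIWFQMlZ9CNpxDSPa5yi43gopbXkne0oGNmey9X0qtpk7NMZIgAL6Zz4rZ30b
cfC2ag6RLOFI2E/c4n8c38R89MfXfLkj8/Cxo4JfI9NvRCpPOpFO8d/ZtWVUuIrB
QN+Y7tkN2T60Qq/TkKXUrhDefwlTlktZVJ/GztLYU41b2GcWsh/XO+PH831rmwID
AQABo1AwTjAdBgNVHQ4EFgQU1I5GfinLF7ta+dBJ6UWcrYaexLswHwYDVR0jBBgw
FoAU1I5GfinLF7ta+dBJ6UWcrYaexLswDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B
AQsFAAOCAQEAUl0wUD4y41juHFOVMYiziPYr1ShSpQXdwp8FfaHrzI5hsr8UMe8D
dzb9QzZ4bx3yZhiG3ahrSBh956thMTHrKTEwAfJIEXI4cuSVWQAaOJ4Em5SDFxQe
d0E6Ui2nGh1SFGF7oyuEXyzqgRMWFNDFw9HLUNgXaO18Zfouw8+K0BgbfEWEcSi1
JLQbyhCjz088gltrliQGPWDFAg9cHBKtJhuTzZkvuqK1CLEmBhtzP1zFiGBfOJc8
v+aKjAwrPUNX11cXOCPxBv2qXMetxaovBem6AI2hvypCInXaVQfP+yOLubzlTDjS
Y708SlY38hmS1uTwDpyLOn8AKkZ8jtx75g==
-----END CERTIFICATE-----`

	// ecdsaPrivateKeyWithParams is an ECDSA private key preceded by an
	// EC PARAMETERS block, so the file holds two PEM blocks and the key is
	// the second one.
	// openssl ecparam -name prime256v1 -genkey -out ecdsa256params.pem
	ecdsaPrivateKeyWithParams = `-----BEGIN EC PARAMETERS-----
BggqhkjOPQMBBw==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIAwSOWQqlMTZNqNF7tgua812Jxib1DVOgb2pHHyIEyNNoAoGCCqGSM49
AwEHoUQDQgAEyxYNrs6a6tsNCFNYn+l+JDUZ0PnUZbcsDgJn2O62D1se8M5iQ5rY
iIv6RpxE3VHvlHEIvYgCZkG0jHszTUopBg==
-----END EC PRIVATE KEY-----`

	// ecdsaPrivateKey is an ECDSA private key in ASN.1 format, PEM encoded,
	// without the EC PARAMETERS block (-noout).
	// openssl ecparam -name prime256v1 -genkey -noout -out ecdsa256.pem
	ecdsaPrivateKey = `-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIP6Qw6dHDiLsSnLXUhQVTPE0fTQQrj3XSbiQAZPXnk5+oAoGCCqGSM49
AwEHoUQDQgAEZZzi1u5f2/AEGFI/HYUhU+u6cTK1q2bbtE7r1JMK+/sQA5sNAp+7
Vdc3psr1OaNzyTyuhTECyRdFKXm63cMnGg==
-----END EC PRIVATE KEY-----`

	// ecdsaPublicKey is the ECDSA public key derived from ecdsaPrivateKey, PEM encoded.
	// openssl ec -in ecdsa256.pem -pubout -out ecdsa256pub.pem
	ecdsaPublicKey = `-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZZzi1u5f2/AEGFI/HYUhU+u6cTK1
q2bbtE7r1JMK+/sQA5sNAp+7Vdc3psr1OaNzyTyuhTECyRdFKXm63cMnGg==
-----END PUBLIC KEY-----`
)

// TestReadPrivateKey checks that PrivateKeyFromFile returns an error for an
// empty file and returns no error for an RSA key, an ECDSA key, and an ECDSA
// key preceded by an EC PARAMETERS block. Only the error is inspected; the
// returned key value is discarded.
func TestReadPrivateKey(t *testing.T) {
	f, err := ioutil.TempFile("", "")
	if err != nil {
		t.Fatalf("error creating tmpfile: %v", err)
	}
	defer os.Remove(f.Name())
	// The handle is never written through; every write below goes by path.
	// Close it now so the descriptor is not leaked and so the deferred
	// os.Remove can succeed on platforms that refuse to delete open files.
	if err := f.Close(); err != nil {
		t.Fatalf("error closing tmpfile: %v", err)
	}

	// Negative case first: the freshly created file is still empty.
	if _, err := PrivateKeyFromFile(f.Name()); err == nil {
		t.Fatalf("Expected error reading key from empty file, got none")
	}

	// ioutil.WriteFile truncates the existing file on each call; the mode
	// argument only takes effect when the file has to be created.
	if err := ioutil.WriteFile(f.Name(), []byte(rsaPrivateKey), os.FileMode(0600)); err != nil {
		t.Fatalf("error writing private key to tmpfile: %v", err)
	}
	if _, err := PrivateKeyFromFile(f.Name()); err != nil {
		t.Fatalf("error reading private RSA key: %v", err)
	}

	if err := ioutil.WriteFile(f.Name(), []byte(ecdsaPrivateKey), os.FileMode(0600)); err != nil {
		t.Fatalf("error writing private key to tmpfile: %v", err)
	}
	if _, err := PrivateKeyFromFile(f.Name()); err != nil {
		t.Fatalf("error reading private ECDSA key: %v", err)
	}

	if err := ioutil.WriteFile(f.Name(), []byte(ecdsaPrivateKeyWithParams), os.FileMode(0600)); err != nil {
		t.Fatalf("error writing private key to tmpfile: %v", err)
	}
	if _, err := PrivateKeyFromFile(f.Name()); err != nil {
		t.Fatalf("error reading private ECDSA key with params: %v", err)
	}
}

// TestReadPublicKeys checks that PublicKeysFromFile returns an error for an
// empty file, one key for a single RSA or ECDSA public key, two keys for a
// file holding both, and one key for a file holding an x509 certificate.
// Only the number of returned keys is asserted, not their contents.
func TestReadPublicKeys(t *testing.T) {
	f, err := ioutil.TempFile("", "")
	if err != nil {
		t.Fatalf("error creating tmpfile: %v", err)
	}
	defer os.Remove(f.Name())
	// Close the unused handle right away: all writes below go by path, and
	// an open descriptor would be leaked and can block the deferred removal
	// on platforms that refuse to delete open files.
	if err := f.Close(); err != nil {
		t.Fatalf("error closing tmpfile: %v", err)
	}

	// Negative case first: the freshly created file is still empty.
	if _, err := PublicKeysFromFile(f.Name()); err == nil {
		t.Fatalf("Expected error reading keys from empty file, got none")
	}

	if err := ioutil.WriteFile(f.Name(), []byte(rsaPublicKey), os.FileMode(0600)); err != nil {
		t.Fatalf("error writing public key to tmpfile: %v", err)
	}
	if keys, err := PublicKeysFromFile(f.Name()); err != nil {
		t.Fatalf("error reading RSA public key: %v", err)
	} else if len(keys) != 1 {
		t.Fatalf("expected 1 key, got %d", len(keys))
	}

	if err := ioutil.WriteFile(f.Name(), []byte(ecdsaPublicKey), os.FileMode(0600)); err != nil {
		t.Fatalf("error writing public key to tmpfile: %v", err)
	}
	if keys, err := PublicKeysFromFile(f.Name()); err != nil {
		t.Fatalf("error reading ECDSA public key: %v", err)
	} else if len(keys) != 1 {
		t.Fatalf("expected 1 key, got %d", len(keys))
	}

	// Two PEM blocks of different key types in one file must both be returned.
	if err := ioutil.WriteFile(f.Name(), []byte(rsaPublicKey+"\n"+ecdsaPublicKey), os.FileMode(0600)); err != nil {
		t.Fatalf("error writing public key to tmpfile: %v", err)
	}
	if keys, err := PublicKeysFromFile(f.Name()); err != nil {
		t.Fatalf("error reading combined RSA/ECDSA public key file: %v", err)
	} else if len(keys) != 2 {
		t.Fatalf("expected 2 keys, got %d", len(keys))
	}

	// A CERTIFICATE block is accepted as a source of a public key as well.
	if err := ioutil.WriteFile(f.Name(), []byte(certificate), os.FileMode(0600)); err != nil {
		t.Fatalf("error writing certificate to tmpfile: %v", err)
	}
	if keys, err := PublicKeysFromFile(f.Name()); err != nil {
		t.Fatalf("error reading public key from certificate file: %v", err)
	} else if len(keys) != 1 {
		t.Fatalf("expected 1 keys, got %d", len(keys))
	}
}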