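// Listing: k8s.io/client-go@v0.31.1/util/keyutil/key_test.go

/*
Copyright 2018 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package keyutil

import (
	"os"
	"testing"
)

// Test fixtures. Every key below is committed to the source tree, so none of
// them carries any secrecy: they exist only to exercise PEM parsing and must
// not be reused as a real credential. Secret scanners will typically match the
// PEM private-key headers in this file; treat such a hit as a known fixture.
const (
	// rsaPrivateKey is an RSA Private Key in PKCS#1 format
	// openssl genrsa -out rsa2048.pem 2048
	rsaPrivateKey = `-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA92mVjhBKOFsdxFzb/Pjq+7b5TJlODAdY5hK+WxLZTIrfhDPq
FWrGKdjSNiHbXrdEtwJh9V+RqPZVSN3aWy1224RgkyNdMJsXhJKuCC24ZKY8SXtW
xuTYmMRaMnCsv6QBGRTIbZ2EFbAObVM7lDyv1VqY3amZIWFQMlZ9CNpxDSPa5yi4
3gopbXkne0oGNmey9X0qtpk7NMZIgAL6Zz4rZ30bcfC2ag6RLOFI2E/c4n8c38R8
9MfXfLkj8/Cxo4JfI9NvRCpPOpFO8d/ZtWVUuIrBQN+Y7tkN2T60Qq/TkKXUrhDe
fwlTlktZVJ/GztLYU41b2GcWsh/XO+PH831rmwIDAQABAoIBAQCC9c6GDjVbM0/E
WurPMusfJjE7zII1d8YkspM0HfwLug6qKdikUYpnKC/NG4rEzfl/bbFwco/lgc6O
7W/hh2U8uQttlvCDA/Uk5YddKOZL0Hpk4vaB/SxxYK3luSKXpjY2knutGg2KdVCN
qdsFkkH4iyYTXuyBcMNEgedZQldI/kEujIH/L7FE+DF5TMzT4lHhozDoG+fy564q
qVGUZXJn0ubc3GaPn2QOLNNM44sfYA4UJCpKBXPu85bvNObjxVQO4WqwwxU1vRnL
UUsaGaelhSVJCo0dVPRvrfPPKZ09HTwpy40EkgQo6VriFc1EBoQDjENLbAJv9OfQ
aCc9wiZhAoGBAP/8oEy48Zbb0P8Vdy4djf5tfBW8yXFLWzXewJ4l3itKS1r42nbX
9q3cJsgRTQm8uRcMIpWxsc3n6zG+lREvTkoTB3ViI7+uQPiqA+BtWyNy7jzufFke
ONKZfg7QxxmYRWZBRnoNGNbMpNeERuLmhvQuom9D1WbhzAYJbfs/O4WTAoGBAPds
2FNDU0gaesFDdkIUGq1nIJqRQDW485LXZm4pFqBFxdOpbdWRuYT2XZjd3fD0XY98
Nhkpb7NTMCuK3BdKcqIptt+cK+quQgYid0hhhgZbpCQ5AL6c6KgyjgpYlh2enzU9
Zo3yg8ej1zbbA11sBlhX+5iO2P1u5DG+JHLwUUbZAoGAUwaU102EzfEtsA4+QW7E
hyjrfgFlNKHES4yb3K9bh57pIfBkqvcQwwMMcQdrfSUAw0DkVrjzel0mI1Q09QXq
1ould6UFAz55RC2gZEITtUOpkYmoOx9aPrQZ9qQwb1S77ZZuTVfCHqjxLhVxCFbM
npYhiQTvShciHTMhwMOZgpECgYAVV5EtVXBYltgh1YTc3EkUzgF087R7LdHsx6Gx
POATwRD4WfP8aQ58lpeqOPEM+LcdSlSMRRO6fyF3kAm+BJDwxfJdRWZQXumZB94M
I0VhRQRaj4Qt7PDwmTPBVrTUJzuKZxpyggm17b8Bn1Ch/VBqzGQKW8AB1E/grosM
UwhfuQKBgQC2JO/iqTQScHClf0qlItCJsBuVukFmSAVCkpOD8YdbdlPdOOwSk1wQ
C0eAlsC3BCMvkpidKQmra6IqIrvTGI6EFgkrb3aknWdup2w8j2udYCNqyE3W+fVe
p8FdYQ1FkACQ+daO5VlClL/9l0sGjKXlNKbpmJ2H4ngZmXj5uGmxuQ==
-----END RSA PRIVATE KEY-----`

	// rsaPublicKey is the RSA Public Key for rsaPrivateKey in PEM encoded format
	// openssl rsa -in rsa2048.pem -pubout -out rsa2048pub.pem
	rsaPublicKey = `-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA92mVjhBKOFsdxFzb/Pjq
+7b5TJlODAdY5hK+WxLZTIrfhDPqFWrGKdjSNiHbXrdEtwJh9V+RqPZVSN3aWy12
24RgkyNdMJsXhJKuCC24ZKY8SXtWxuTYmMRaMnCsv6QBGRTIbZ2EFbAObVM7lDyv
1VqY3amZIWFQMlZ9CNpxDSPa5yi43gopbXkne0oGNmey9X0qtpk7NMZIgAL6Zz4r
Z30bcfC2ag6RLOFI2E/c4n8c38R89MfXfLkj8/Cxo4JfI9NvRCpPOpFO8d/ZtWVU
uIrBQN+Y7tkN2T60Qq/TkKXUrhDefwlTlktZVJ/GztLYU41b2GcWsh/XO+PH831r
mwIDAQAB
-----END PUBLIC KEY-----`

	// certificate is a self-signed x509 certificate over rsaPrivateKey in PEM
	// encoded format. The tests below only count the public keys extracted
	// from it; they do not check its validity period or trust.
	// openssl req -new -key rsa2048.pem -sha256 -nodes -x509 -days 1826 -out x509certificate.pem -subj "/C=US/CN=not-valid"
	certificate = `-----BEGIN CERTIFICATE-----
MIIDFTCCAf2gAwIBAgIJAN8B8NOwtiUCMA0GCSqGSIb3DQEBCwUAMCExCzAJBgNV
BAYTAlVTMRIwEAYDVQQDDAlub3QtdmFsaWQwHhcNMTcwMzIyMDI1NjM2WhcNMjIw
MzIyMDI1NjM2WjAhMQswCQYDVQQGEwJVUzESMBAGA1UEAwwJbm90LXZhbGlkMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA92mVjhBKOFsdxFzb/Pjq+7b5
TJlODAdY5hK+WxLZTIrfhDPqFWrGKdjSNiHbXrdEtwJh9V+RqPZVSN3aWy1224Rg
kyNdMJsXhJKuCC24ZKY8SXtWxuTYmMRaMnCsv6QBGRTIbZ2EFbAObVM7lDyv1VqY
3amZIWFQMlZ9CNpxDSPa5yi43gopbXkne0oGNmey9X0qtpk7NMZIgAL6Zz4rZ30b
cfC2ag6RLOFI2E/c4n8c38R89MfXfLkj8/Cxo4JfI9NvRCpPOpFO8d/ZtWVUuIrB
QN+Y7tkN2T60Qq/TkKXUrhDefwlTlktZVJ/GztLYU41b2GcWsh/XO+PH831rmwID
AQABo1AwTjAdBgNVHQ4EFgQU1I5GfinLF7ta+dBJ6UWcrYaexLswHwYDVR0jBBgw
FoAU1I5GfinLF7ta+dBJ6UWcrYaexLswDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B
AQsFAAOCAQEAUl0wUD4y41juHFOVMYiziPYr1ShSpQXdwp8FfaHrzI5hsr8UMe8D
dzb9QzZ4bx3yZhiG3ahrSBh956thMTHrKTEwAfJIEXI4cuSVWQAaOJ4Em5SDFxQe
d0E6Ui2nGh1SFGF7oyuEXyzqgRMWFNDFw9HLUNgXaO18Zfouw8+K0BgbfEWEcSi1
JLQbyhCjz088gltrliQGPWDFAg9cHBKtJhuTzZkvuqK1CLEmBhtzP1zFiGBfOJc8
v+aKjAwrPUNX11cXOCPxBv2qXMetxaovBem6AI2hvypCInXaVQfP+yOLubzlTDjS
Y708SlY38hmS1uTwDpyLOn8AKkZ8jtx75g==
-----END CERTIFICATE-----`

	// ecdsaPrivateKeyWithParams is an ECDSA Private Key with included EC Parameters block
	// openssl ecparam -name prime256v1 -genkey -out ecdsa256params.pem
	ecdsaPrivateKeyWithParams = `-----BEGIN EC PARAMETERS-----
BggqhkjOPQMBBw==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIAwSOWQqlMTZNqNF7tgua812Jxib1DVOgb2pHHyIEyNNoAoGCCqGSM49
AwEHoUQDQgAEyxYNrs6a6tsNCFNYn+l+JDUZ0PnUZbcsDgJn2O62D1se8M5iQ5rY
iIv6RpxE3VHvlHEIvYgCZkG0jHszTUopBg==
-----END EC PRIVATE KEY-----`

	// ecdsaPrivateKey is an ECDSA Private Key in ASN.1 format
	// openssl ecparam -name prime256v1 -genkey -noout -out ecdsa256.pem
	ecdsaPrivateKey = `-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIP6Qw6dHDiLsSnLXUhQVTPE0fTQQrj3XSbiQAZPXnk5+oAoGCCqGSM49
AwEHoUQDQgAEZZzi1u5f2/AEGFI/HYUhU+u6cTK1q2bbtE7r1JMK+/sQA5sNAp+7
Vdc3psr1OaNzyTyuhTECyRdFKXm63cMnGg==
-----END EC PRIVATE KEY-----`

	// ecdsaPublicKey is the ECDSA Public Key for ecdsaPrivateKey in PEM encoded format
	// openssl ec -in ecdsa256.pem -pubout -out ecdsa256pub.pem
	ecdsaPublicKey = `-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZZzi1u5f2/AEGFI/HYUhU+u6cTK1
q2bbtE7r1JMK+/sQA5sNAp+7Vdc3psr1OaNzyTyuhTECyRdFKXm63cMnGg==
-----END PUBLIC KEY-----`
)

// TestReadPrivateKey checks that PrivateKeyFromFile rejects an empty file and
// accepts an RSA key, an ECDSA key, and an ECDSA key preceded by an
// EC PARAMETERS block.
func TestReadPrivateKey(t *testing.T) {
	f, err := os.CreateTemp("", "")
	if err != nil {
		t.Fatalf("error creating tmpfile: %v", err)
	}
	defer os.Remove(f.Name())
	// Only the path is used from here on; close the handle so the descriptor
	// is not leaked and the deferred Remove also works on platforms that
	// refuse to delete an open file.
	if err := f.Close(); err != nil {
		t.Fatalf("error closing tmpfile: %v", err)
	}

	if _, err := PrivateKeyFromFile(f.Name()); err == nil {
		t.Fatalf("Expected error reading key from empty file, got none")
	}

	// os.CreateTemp creates the file with mode 0600, and os.WriteFile does not
	// change the mode of an existing file, so the fixture stays owner-only.
	if err := os.WriteFile(f.Name(), []byte(rsaPrivateKey), os.FileMode(0600)); err != nil {
		t.Fatalf("error writing private key to tmpfile: %v", err)
	}
	if _, err := PrivateKeyFromFile(f.Name()); err != nil {
		t.Fatalf("error reading private RSA key: %v", err)
	}

	if err := os.WriteFile(f.Name(), []byte(ecdsaPrivateKey), os.FileMode(0600)); err != nil {
		t.Fatalf("error writing private key to tmpfile: %v", err)
	}
	if _, err := PrivateKeyFromFile(f.Name()); err != nil {
		t.Fatalf("error reading private ECDSA key: %v", err)
	}

	if err := os.WriteFile(f.Name(), []byte(ecdsaPrivateKeyWithParams), os.FileMode(0600)); err != nil {
		t.Fatalf("error writing private key to tmpfile: %v", err)
	}
	if _, err := PrivateKeyFromFile(f.Name()); err != nil {
		t.Fatalf("error reading private ECDSA key with params: %v", err)
	}
}

// TestReadPublicKeys checks that PublicKeysFromFile rejects an empty file and
// returns the expected number of keys for an RSA public key, an ECDSA public
// key, a file holding both, and a certificate.
func TestReadPublicKeys(t *testing.T) {
	f, err := os.CreateTemp("", "")
	if err != nil {
		t.Fatalf("error creating tmpfile: %v", err)
	}
	defer os.Remove(f.Name())
	// Only the path is used from here on; close the handle so the descriptor
	// is not leaked and the deferred Remove also works on platforms that
	// refuse to delete an open file.
	if err := f.Close(); err != nil {
		t.Fatalf("error closing tmpfile: %v", err)
	}

	if _, err := PublicKeysFromFile(f.Name()); err == nil {
		t.Fatalf("Expected error reading keys from empty file, got none")
	}

	if err := os.WriteFile(f.Name(), []byte(rsaPublicKey), os.FileMode(0600)); err != nil {
		t.Fatalf("error writing public key to tmpfile: %v", err)
	}
	if keys, err := PublicKeysFromFile(f.Name()); err != nil {
		t.Fatalf("error reading RSA public key: %v", err)
	} else if len(keys) != 1 {
		t.Fatalf("expected 1 key, got %d", len(keys))
	}

	if err := os.WriteFile(f.Name(), []byte(ecdsaPublicKey), os.FileMode(0600)); err != nil {
		t.Fatalf("error writing public key to tmpfile: %v", err)
	}
	if keys, err := PublicKeysFromFile(f.Name()); err != nil {
		t.Fatalf("error reading ECDSA public key: %v", err)
	} else if len(keys) != 1 {
		t.Fatalf("expected 1 key, got %d", len(keys))
	}

	// Two PEM blocks in one file must yield two keys.
	if err := os.WriteFile(f.Name(), []byte(rsaPublicKey+"\n"+ecdsaPublicKey), os.FileMode(0600)); err != nil {
		t.Fatalf("error writing public key to tmpfile: %v", err)
	}
	if keys, err := PublicKeysFromFile(f.Name()); err != nil {
		t.Fatalf("error reading combined RSA/ECDSA public key file: %v", err)
	} else if len(keys) != 2 {
		t.Fatalf("expected 2 keys, got %d", len(keys))
	}

	// A CERTIFICATE block is accepted as a source of one public key; only the
	// count is asserted, not the certificate's validity.
	if err := os.WriteFile(f.Name(), []byte(certificate), os.FileMode(0600)); err != nil {
		t.Fatalf("error writing certificate to tmpfile: %v", err)
	}
	if keys, err := PublicKeysFromFile(f.Name()); err != nil {
		t.Fatalf("error reading public key from certificate file: %v", err)
	} else if len(keys) != 1 {
		t.Fatalf("expected 1 keys, got %d", len(keys))
	}

}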