// Copyright 2020 Canonical Ltd.
// Licensed under the AGPLv3, see LICENCE file for details.
package pki_test
import (
"bytes"
"crypto"
"crypto/x509"
"net"
"github.com/juju/errors"
jc "github.com/juju/testing/checkers"
gc "gopkg.in/check.v1"
"github.com/juju/juju/pki"
)
// AuthoritySuite holds the per-test certificate authority fixture: a CA
// certificate and the private key that signed it. Both are rebuilt by
// SetUpTest so no test can observe state left behind by another.
type AuthoritySuite struct {
	// signer is the CA private key; it is the root of trust for every
	// leaf the tests mint, so it must never be shared across tests.
	signer crypto.Signer
	// ca is the self-signed CA certificate built from signer.
	ca *x509.Certificate
}
// Register the suite with gocheck so its Test* methods run under `go test`.
var _ = gc.Suite(new(AuthoritySuite))
// SetUpTest builds a fresh, throw-away CA for every test: a signer from the
// default key profile and a self-signed CA certificate issued with it. The
// assertions pin the properties the remaining tests rely on — the subject
// name, the organisation, and that the certificate is a usable CA.
func (a *AuthoritySuite) SetUpTest(c *gc.C) {
	const caName = "juju-test-ca"

	key, err := pki.DefaultKeyProfile()
	c.Assert(err, jc.ErrorIsNil)
	a.signer = key

	cert, err := pki.NewCA(caName, a.signer)
	c.Assert(err, jc.ErrorIsNil)
	a.ca = cert

	subject := a.ca.Subject
	c.Assert(subject.CommonName, gc.Equals, caName)
	c.Assert(subject.Organization, jc.DeepEquals, pki.Organisation)
	// IsCA only carries meaning when the basic-constraints extension is
	// present (BasicConstraintsValid), so both must hold for the
	// certificate to be accepted as an issuer during chain building.
	c.Assert(a.ca.BasicConstraintsValid, gc.Equals, true)
	c.Assert(a.ca.IsCA, gc.Equals, true)
}
// TestNewAuthority checks that a freshly constructed authority hands back
// exactly the CA certificate and signer it was built from, and that it
// starts with no intermediate certificates in its chain.
func (a *AuthoritySuite) TestNewAuthority(c *gc.C) {
	auth, err := pki.NewDefaultAuthority(a.ca, a.signer)
	c.Assert(err, jc.ErrorIsNil)

	c.Assert(auth.Certificate(), jc.DeepEquals, a.ca)
	c.Assert(auth.Signer(), jc.DeepEquals, a.signer)

	// A root authority is expected to have an empty chain; only leaves
	// issued from it carry the CA as their chain.
	intermediates := auth.Chain()
	c.Assert(len(intermediates), gc.Equals, 0)
}
// TestMissingLeafGroup checks the failure path of LeafForGroup: asking for a
// group that was never issued returns no leaf and a NotFound error, so that
// callers can tell "absent" apart from other failures.
func (a *AuthoritySuite) TestMissingLeafGroup(c *gc.C) {
	auth, err := pki.NewDefaultAuthority(a.ca, a.signer)
	c.Assert(err, jc.ErrorIsNil)

	missing, lookupErr := auth.LeafForGroup("noexist")
	c.Assert(lookupErr, gc.NotNil)
	c.Assert(missing, gc.IsNil)
	c.Assert(errors.IsNotFound(lookupErr), gc.Equals, true)
}
// TestLeafRequest issues a leaf for a group with one DNS SAN and one IP SAN,
// then checks that the SANs appear both on the leaf returned by Commit and
// on the leaf the authority subsequently reports for that group.
func (a *AuthoritySuite) TestLeafRequest(c *gc.C) {
	auth, err := pki.NewDefaultAuthority(a.ca, a.signer)
	c.Assert(err, jc.ErrorIsNil)

	wantDNS := []string{"test.juju.is"}
	wantIPs := []net.IP{net.ParseIP("fe80:abcd::1")}

	// Build the request step by step rather than as one chained call so
	// each stage is visible when debugging a failure.
	req := auth.LeafRequestForGroup("testgroup")
	withDNS := req.AddDNSNames(wantDNS...)
	withSANs := withDNS.AddIPAddresses(wantIPs...)
	issued, err := withSANs.Commit()
	c.Assert(err, jc.ErrorIsNil)

	issuedCert := issued.Certificate()
	c.Assert(issuedCert.DNSNames, jc.DeepEquals, wantDNS)
	c.Assert(issuedCert.IPAddresses, jc.DeepEquals, wantIPs)

	// The authority must remember the leaf it just issued for the group.
	stored, err := auth.LeafForGroup("testgroup")
	c.Assert(err, jc.ErrorIsNil)
	storedCert := stored.Certificate()
	c.Assert(storedCert.DNSNames, jc.DeepEquals, wantDNS)
	c.Assert(storedCert.IPAddresses, jc.DeepEquals, wantIPs)
}
// TestLeafRequestChain checks that a leaf issued by a root authority carries
// a chain of exactly one certificate, and that it is the issuing CA — the
// certificate a relying party needs in order to verify the leaf.
func (a *AuthoritySuite) TestLeafRequestChain(c *gc.C) {
	auth, err := pki.NewDefaultAuthority(a.ca, a.signer)
	c.Assert(err, jc.ErrorIsNil)

	sanDNS := []string{"test.juju.is"}
	sanIPs := []net.IP{net.ParseIP("fe80:abcd::1")}

	req := auth.LeafRequestForGroup("testgroup")
	issued, err := req.AddDNSNames(sanDNS...).AddIPAddresses(sanIPs...).Commit()
	c.Assert(err, jc.ErrorIsNil)

	// With no intermediates configured the only chain element is the CA.
	chain := issued.Chain()
	c.Assert(len(chain), gc.Equals, 1)
	c.Assert(chain[0], jc.DeepEquals, auth.Certificate())
}
// TestLeafFromPem round-trips a leaf through its PEM representation: the
// certificate and key are exported from one authority and imported into a
// second authority built on the same CA, and the imported leaf must compare
// equal to the original.
func (a *AuthoritySuite) TestLeafFromPem(c *gc.C) {
	source, err := pki.NewDefaultAuthority(a.ca, a.signer)
	c.Assert(err, jc.ErrorIsNil)

	sanDNS := []string{"test.juju.is"}
	sanIPs := []net.IP{net.ParseIP("fe80:abcd::1")}

	req := source.LeafRequestForGroup("testgroup")
	original, err := req.AddDNSNames(sanDNS...).AddIPAddresses(sanIPs...).Commit()
	c.Assert(err, jc.ErrorIsNil)

	// Export: certificate and private key as separate PEM blobs. The key
	// material is test-only and never leaves this process.
	certPem, keyPem, err := original.ToPemParts()
	c.Assert(err, jc.ErrorIsNil)

	// Import into a second, independent authority over the same CA.
	target, err := pki.NewDefaultAuthority(a.ca, a.signer)
	c.Assert(err, jc.ErrorIsNil)
	imported, err := target.LeafGroupFromPemCertKey("testgroup", certPem, keyPem)
	c.Assert(err, jc.ErrorIsNil)
	c.Assert(imported, jc.DeepEquals, original)

	// NOTE(review): this looks up the group on the *source* authority, which
	// already holds the leaf from Commit, so the check cannot fail on its
	// own; if the intent is to prove the PEM import registered the leaf,
	// the lookup should be against `target` instead — confirm.
	lookedUp, err := source.LeafForGroup("testgroup")
	c.Assert(err, jc.ErrorIsNil)
	c.Assert(lookedUp, gc.NotNil)
}
// TestAuthorityFromPemBlock checks that an authority can be rebuilt from a
// single PEM bundle holding the CA certificate followed by its private key.
// Only successful construction is asserted; the reloaded authority's
// certificate and signer are not compared with the originals here.
func (a *AuthoritySuite) TestAuthorityFromPemBlock(c *gc.C) {
	// Write both PEM blocks into one buffer so the bundle is exactly the
	// certificate bytes followed by the key bytes.
	var bundle bytes.Buffer
	err := pki.CertificateToPemWriter(&bundle, map[string]string{}, a.ca)
	c.Assert(err, jc.ErrorIsNil)
	err = pki.SignerToPemWriter(&bundle, a.signer)
	c.Assert(err, jc.ErrorIsNil)

	_, err = pki.NewDefaultAuthorityPem(bundle.Bytes())
	c.Assert(err, jc.ErrorIsNil)
}
// TestAuthorityFromPemCAKey checks that an authority can be rebuilt from the
// CA certificate and private key supplied as two separate PEM blobs. As with
// the bundle variant, only successful construction is asserted.
func (a *AuthoritySuite) TestAuthorityFromPemCAKey(c *gc.C) {
	var certPem, keyPem bytes.Buffer

	// Empty headers map: no PEM header lines are attached to the block.
	err := pki.CertificateToPemWriter(&certPem, map[string]string{}, a.ca)
	c.Assert(err, jc.ErrorIsNil)
	err = pki.SignerToPemWriter(&keyPem, a.signer)
	c.Assert(err, jc.ErrorIsNil)

	_, err = pki.NewDefaultAuthorityPemCAKey(certPem.Bytes(), keyPem.Bytes())
	c.Assert(err, jc.ErrorIsNil)
}