Files

 1cf425f

/

cert.go

Blame

Blame

Latest commit

 

History

History

80 lines (67 loc) · 2.14 KB

 1cf425f

/

cert.go

Top

File metadata and controls

• Code
• Blame

80 lines (67 loc) · 2.14 KB

Raw

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

// Copyright 2012, 2013 Canonical Ltd.

// Licensed under the AGPLv3, see LICENCE file for details.

package testing

import (

"crypto/rsa"

"crypto/tls"

"crypto/x509"

"math/rand"

gitjujutesting "github.com/juju/testing"

utilscert "github.com/juju/utils/v3/cert"

)

// CACert and CAKey make up a CA key pair.

// CACertX509 and CAKeyRSA hold their parsed equivalents.

// ServerCert and ServerKey hold a CA-signed server cert/key.

// Certs holds the certificates and keys required to make a secure

// connection to a Mongo database.

var (

CACert, CAKey, ServerCert, ServerKey = chooseGeneratedCA()

CACertX509, CAKeyRSA = mustParseCertAndKey(CACert, CAKey)

ServerTLSCert = mustParseServerCert(ServerCert, ServerKey)

Certs = serverCerts()

// Other valid test certs different from the default.

OtherCACert, OtherCAKey = chooseGeneratedOtherCA()

OtherCACertX509, OtherCAKeyRSA = mustParseCertAndKey(OtherCACert, OtherCAKey)

)

func chooseGeneratedCA() (string, string, string, string) {

index := rand.Intn(len(generatedCA))

if len(generatedCA) != len(generatedServer) {

// This should never happen.

panic("generatedCA and generatedServer have mismatched length")

}

ca := generatedCA[index]

server := generatedServer[index]

return ca.certPEM, ca.keyPEM, server.certPEM, server.keyPEM

}

func chooseGeneratedOtherCA() (string, string) {

index := rand.Intn(len(otherCA))

ca := otherCA[index]

return ca.certPEM, ca.keyPEM

}

func mustParseServerCert(srvCert string, srvKey string) *tls.Certificate {

tlsCert, err := tls.X509KeyPair([]byte(srvCert), []byte(srvKey))

if err != nil {

panic(err)

}

x509Cert, err := x509.ParseCertificate(tlsCert.Certificate[0])

if err != nil {

panic(err)

}

tlsCert.Leaf = x509Cert

return &tlsCert

}

func mustParseCertAndKey(certPEM, keyPEM string) (*x509.Certificate, *rsa.PrivateKey) {

cert, key, err := utilscert.ParseCertAndKey(certPEM, keyPEM)

if err != nil {

panic(err)

}

return cert, key

}

func serverCerts() *gitjujutesting.Certs {

serverCert, serverKey := mustParseCertAndKey(ServerCert, ServerKey)

return &gitjujutesting.Certs{

CACert: CACertX509,

ServerCert: serverCert,

ServerKey: serverKey,

}

}