Changes after review from juju/utils.
Signed-off-by: Salvatore Giulitti <[email protected]>
Salvatore Giulitti committed Nov 10, 2016
1 parent 222a41f commit ac1ae3d
Showing 14 changed files with 396 additions and 19 deletions.
2 changes: 1 addition & 1 deletion api/certpool_test.go
Expand Up @@ -10,9 +10,9 @@ import (
"strings"
"time"

"github.com/juju/juju/cert"
"github.com/juju/loggo"
jc "github.com/juju/testing/checkers"
"github.com/juju/utils/cert"
gc "gopkg.in/check.v1"

"github.com/juju/juju/api"
2 changes: 1 addition & 1 deletion apiserver/cert_test.go
Expand Up @@ -8,9 +8,9 @@ import (
"runtime"
"time"

"github.com/juju/juju/cert"
"github.com/juju/loggo"
jc "github.com/juju/testing/checkers"
"github.com/juju/utils/cert"
gc "gopkg.in/check.v1"

"github.com/juju/juju/api"
5 changes: 3 additions & 2 deletions apiserver/metricsender/sender_test.go
Expand Up @@ -12,17 +12,18 @@ import (
"time"

wireformat "github.com/juju/romulus/wireformat/metrics"
jujutesting "github.com/juju/testing"
jc "github.com/juju/testing/checkers"
"github.com/juju/utils"
"github.com/juju/utils/cert"
"github.com/juju/utils/clock"
gc "gopkg.in/check.v1"

"github.com/juju/juju/apiserver/metricsender"
jujucert "github.com/juju/juju/cert"
jujujutesting "github.com/juju/juju/juju/testing"
"github.com/juju/juju/state"
"github.com/juju/juju/testing/factory"
jujutesting "github.com/juju/testing"
)

type SenderSuite struct {
Expand All @@ -37,7 +38,7 @@ var _ = gc.Suite(&SenderSuite{})
func createCerts(c *gc.C, serverName string) (*x509.CertPool, tls.Certificate) {
certCaPem, keyCaPem, err := cert.NewCA("sender-test", "1", time.Now().Add(time.Minute))
c.Assert(err, jc.ErrorIsNil)
certPem, keyPem, err := cert.NewServer(certCaPem, keyCaPem, time.Now().Add(time.Minute), []string{serverName})
certPem, keyPem, err := jujucert.NewServer(certCaPem, keyCaPem, time.Now().Add(time.Minute), []string{serverName})
c.Assert(err, jc.ErrorIsNil)
cert, err := tls.X509KeyPair([]byte(certPem), []byte(keyPem))
c.Assert(err, jc.ErrorIsNil)
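Review bot: The local `cert, err := tls.X509KeyPair([]byte(certPem), []byte(keyPem))` on the last visible line of createCerts shadows the `cert` package that the same function calls a few lines earlier, and with this commit two certificate packages are in scope (`cert` for juju/utils/cert, `jujucert` for juju/juju/cert), which makes that shadow easier to misread. Renaming the local, e.g. `tlsCert, err := tls.X509KeyPair([]byte(certPem), []byte(keyPem))`, removes the ambiguity; createCerts's body continues past the hunk, so any later uses of the local would need the same rename. The shadowing predates this commit, so this is a style point rather than a defect introduced here.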
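--- a/cert/cert.go
+++ b/cert/cert.go
@@ -0,0 +1,58 @@
+// Copyright 2012, 2013 Canonical Ltd.
+// Licensed under the AGPLv3, see LICENCE file for details.
+
+package cert
+
+import (
+"crypto/x509"
+"fmt"
+"time"
+
+"github.com/juju/errors"
+utilscert "github.com/juju/utils/cert"
+)
+
+// Verify verifies that the given server certificate is valid with
+// respect to the given CA certificate at the given time.
+func Verify(srvCertPEM, caCertPEM string, when time.Time) error {
+caCert, err := utilscert.ParseCert(caCertPEM)
+if err != nil {
+return errors.Annotate(err, "cannot parse CA certificate")
+}
+srvCert, err := utilscert.ParseCert(srvCertPEM)
+if err != nil {
+return errors.Annotate(err, "cannot parse server certificate")
+}
+pool := x509.NewCertPool()
+pool.AddCert(caCert)
+opts := x509.VerifyOptions{
+DNSName: "anyServer",
+Roots: pool,
+CurrentTime: when,
+}
+_, err = srvCert.Verify(opts)
+return err
+}
+
+// NewDefaultServer generates a certificate/key pair suitable for use by a server, with an
+// expiry time of 10 years.
+func NewDefaultServer(caCertPEM, caKeyPEM string, hostnames []string) (certPEM, keyPEM string, err error) {
+// TODO(perrito666) 2016-05-02 lp:1558657
+expiry := time.Now().UTC().AddDate(10, 0, 0)
+return utilscert.NewLeaf("*", caCertPEM, caKeyPEM, expiry, hostnames, []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth})
+}
+
+// NewServer generates a certificate/key pair suitable for use by a server.
+func NewServer(caCertPEM, caKeyPEM string, expiry time.Time, hostnames []string) (certPEM, keyPEM string, err error) {
+return utilscert.NewLeaf("*", caCertPEM, caKeyPEM, expiry, hostnames, []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth})
+}
+
+// NewCA generates a CA certificate/key pair suitable for signing server
+// keys for an environment with the given name.
+// wrapper arount utils/cert#NewCA
+func NewCA(commonName, UUID string, expiry time.Time) (certPEM, keyPEM string, err error) {
+return utilscert.NewCA(
+fmt.Sprintf("juju-generated CA for model %q", commonName),
+UUID, expiry,
+)
+}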
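Review bot: Verify pins `DNSName: "anyServer"` in its VerifyOptions, so the hostname check runs against a fixed placeholder rather than the host a caller is actually connecting to, while the doc comment only promises validity "with respect to the given CA certificate"; whether the placeholder is satisfied seems to depend on the "*" that NewServer passes as NewLeaf's first argument (presumably the common name), which is not stated anywhere. If chain validation is the intent, leave DNSName unset (x509 skips the name check when it is empty) and add to the doc comment that callers must verify the hostname separately; otherwise record the dependency, e.g. `// "anyServer" is a placeholder that relies on leaf certs being issued with CN "*" — confirm this still holds when SANs are present`. The error from `srvCert.Verify(opts)` is returned bare, unlike the two annotated parse errors above it; `return errors.Annotate(err, "cannot verify server certificate")` keeps the error style consistent (Annotate passes a nil error through). NewDefaultServer repeats NewServer's NewLeaf call and could delegate with `return NewServer(caCertPEM, caKeyPEM, expiry, hostnames)`, and the NewCA comment has a typo ("arount").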
