-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcert.go
80 lines (67 loc) · 2.14 KB
/
cert.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
// Copyright 2012, 2013 Canonical Ltd.
// Licensed under the AGPLv3, see LICENCE file for details.
package testing
import (
"crypto/rsa"
"crypto/tls"
"crypto/x509"
"math/rand"
mgotesting "github.com/juju/mgo/v3/testing"
utilscert "github.com/juju/utils/v3/cert"
)
// CACert and CAKey make up a CA key pair.
// CACertX509 and CAKeyRSA hold their parsed equivalents.
// ServerCert and ServerKey hold a CA-signed server cert/key.
// Certs holds the certificates and keys required to make a secure
// connection to a Mongo database.
var (
CACert, CAKey, ServerCert, ServerKey = chooseGeneratedCA()
CACertX509, CAKeyRSA = mustParseCertAndKey(CACert, CAKey)
ServerTLSCert = mustParseServerCert(ServerCert, ServerKey)
Certs = serverCerts()
// Other valid test certs different from the default.
OtherCACert, OtherCAKey = chooseGeneratedOtherCA()
OtherCACertX509, OtherCAKeyRSA = mustParseCertAndKey(OtherCACert, OtherCAKey)
)
func chooseGeneratedCA() (string, string, string, string) {
index := rand.Intn(len(generatedCA))
if len(generatedCA) != len(generatedServer) {
// This should never happen.
panic("generatedCA and generatedServer have mismatched length")
}
ca := generatedCA[index]
server := generatedServer[index]
return ca.certPEM, ca.keyPEM, server.certPEM, server.keyPEM
}
func chooseGeneratedOtherCA() (string, string) {
index := rand.Intn(len(otherCA))
ca := otherCA[index]
return ca.certPEM, ca.keyPEM
}
func mustParseServerCert(srvCert string, srvKey string) *tls.Certificate {
tlsCert, err := tls.X509KeyPair([]byte(srvCert), []byte(srvKey))
if err != nil {
panic(err)
}
x509Cert, err := x509.ParseCertificate(tlsCert.Certificate[0])
if err != nil {
panic(err)
}
tlsCert.Leaf = x509Cert
return &tlsCert
}
func mustParseCertAndKey(certPEM, keyPEM string) (*x509.Certificate, *rsa.PrivateKey) {
cert, key, err := utilscert.ParseCertAndKey(certPEM, keyPEM)
if err != nil {
panic(err)
}
return cert, key
}
func serverCerts() *mgotesting.Certs {
serverCert, serverKey := mustParseCertAndKey(ServerCert, ServerKey)
return &mgotesting.Certs{
CACert: CACertX509,
ServerCert: serverCert,
ServerKey: serverKey,
}
}