github/capsule
1
0
Fork 0
mirror of https://github.com/projectcapsule/capsule.git synced 2026-03-03 18:20:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
364332c3803540ca4da751fce5bbed4e87d5fdaa
capsule/pkg/cert/ca_test.go
Dario Tranchitella 0830b3629e chore(header): moving to new neutral organization 
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
2023-10-16 21:29:23 +02:00

77 lines
1.6 KiB
Go
Raw Blame History

// Copyright 2020-2023 Project Capsule Authors.
// SPDX-License-Identifier: Apache-2.0
package cert
import (
"bytes"
"crypto/tls"
"crypto/x509"
"encoding/pem"
"testing"
"time"
"github.com/stretchr/testify/assert"
)
func TestNewCertificateAuthorityFromBytes(t *testing.T) {
var ca *CapsuleCA
var err error
ca, err = GenerateCertificateAuthority()
assert.Nil(t, err)
var crt *bytes.Buffer
crt, err = ca.CACertificatePem()
assert.Nil(t, err)
var key *bytes.Buffer
key, err = ca.CAPrivateKeyPem()
assert.Nil(t, err)
_, err = NewCertificateAuthorityFromBytes(crt.Bytes(), key.Bytes())
assert.Nil(t, err)
}
func TestCapsuleCa_GenerateCertificate(t *testing.T) {
type testCase struct {
dnsNames []string
}
for name, c := range map[string]testCase{
"foo.tld": {[]string{"foo.tld"}},
"SAN": {[]string{"capsule-webhook-service.capsule-system.svc", "capsule-webhook-service.capsule-system.default.cluster"}},
} {
t.Run(name, func(t *testing.T) {
var ca *CapsuleCA
var err error
e := time.Now().AddDate(1, 0, 0)
ca, err = GenerateCertificateAuthority()
assert.Nil(t, err)
var crt *bytes.Buffer
var key *bytes.Buffer
crt, key, err = ca.GenerateCertificate(NewCertOpts(e, c.dnsNames...))
assert.Nil(t, err)
var b *pem.Block
var c *x509.Certificate
b, _ = pem.Decode(crt.Bytes())
c, err = x509.ParseCertificate(b.Bytes)
assert.Nil(t, err)
assert.Equal(t, e.Unix(), c.NotAfter.Unix())
for _, i := range c.DNSNames {
assert.Contains(t, c.DNSNames, i)
}
_, err = tls.X509KeyPair(crt.Bytes(), key.Bytes())
assert.Nil(t, err)
})
}
}
Reference in New Issue View Git Blame Copy Permalink