package certs
import (
"crypto/x509/pkix"
"fmt"
"github.com/mrmelon54/certgen"
"github.com/stretchr/testify/assert"
"math/big"
"testing"
"testing/fstest"
"time"
)
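// TestCertsNew_Lookup checks that a Certs store built from in-memory
// certificate and key directories returns the certificate for a domain whose
// files are present, and returns nil for a domain that has no files.
func TestCertsNew_Lookup(t *testing.T) {
	// The following code basically copies the self-signed logic from the Certs
	// type to test that certificate files can be found and read correctly. This
	// uses a MapFS for performance during tests.

	// Both test certificates expire ten years after the time they are issued.
	tenYears := func(now time.Time) time.Time {
		return now.AddDate(10, 0, 0)
	}

	ca, err := certgen.MakeCaTls(2048, pkix.Name{
		Country:            []string{"GB"},
		Organization:       []string{"Violet"},
		OrganizationalUnit: []string{"Development"},
		SerialNumber:       "0",
		CommonName:         fmt.Sprintf("%d.violet.test", time.Now().Unix()),
	}, big.NewInt(0), tenYears)
	// Stop on a setup failure: the steps below use ca, and continuing with a
	// value that may be nil would hide the real error behind a later failure.
	if !assert.NoError(t, err) {
		return
	}

	domain := "example.com"
	sn := int64(1)
	serverTls, err := certgen.MakeServerTls(ca, 2048, pkix.Name{
		Country:            []string{"GB"},
		Organization:       []string{domain},
		OrganizationalUnit: []string{domain},
		SerialNumber:       fmt.Sprintf("%d", sn),
		CommonName:         domain,
	}, big.NewInt(sn), tenYears, []string{domain}, nil)
	if !assert.NoError(t, err) {
		return
	}

	// The certificate and the private key live in separate in-memory
	// directories, mirroring the two arguments New takes.
	certDir := fstest.MapFS{
		"example.com.cert.pem": {
			Data: serverTls.GetCertPem(),
		},
	}
	keyDir := fstest.MapFS{
		"example.com.key.pem": {
			Data: serverTls.GetKeyPem(),
		},
	}

	certs := New(certDir, keyDir, false)
	if !assert.NoError(t, certs.internalCompile(certs.m)) {
		return
	}

	// Guard the positive lookup so that a missing certificate is reported as
	// an assertion failure before the leaf is parsed.
	cc := certs.GetCertForDomain(domain)
	if !assert.NotNil(t, cc, "expected a certificate for %q", domain) {
		return
	}
	leaf := certgen.TlsLeaf(cc)
	assert.Equal(t, []string{domain}, leaf.DNSNames)
	// NOTE(review): only the DNS names are checked here. The test does not
	// confirm that the loaded key belongs to the certificate or that the leaf
	// chains to ca.

	// this cert doesn't exist
	// With self-signed mode off, a name without files must yield nil rather
	// than some other domain's certificate. "notexample.com" ends in
	// "example.com", so a lookup that matched on suffix would fail this check.
	assert.Nil(t, certs.GetCertForDomain("notexample.com"))
}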
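// TestCertsNew_SelfSigned checks that a store created in self-signed mode,
// with no certificate or key directory, returns a certificate whose DNS names
// match each requested domain.
func TestCertsNew_SelfSigned(t *testing.T) {
	if testing.Short() {
		// Skip instead of returning, so that a short run reports this test as
		// skipped rather than as a pass that exercised nothing.
		t.Skip("skipping self-signed certificate test in short mode")
	}

	// NOTE(review): both directories are nil, so every certificate returned
	// below is produced by the store itself for whatever name is asked for.
	// Presumably this mode is meant for development only; confirm it cannot be
	// enabled in a production configuration.
	certs := New(nil, nil, true)

	for _, domain := range []string{"example.com", "notexample.com"} {
		cc := certs.GetCertForDomain(domain)
		// Guard against a nil result so the failure names the domain before
		// the leaf is parsed.
		if !assert.NotNil(t, cc, "expected a self-signed certificate for %q", domain) {
			return
		}
		leaf := certgen.TlsLeaf(cc)
		assert.Equal(t, []string{domain}, leaf.DNSNames)
	}
}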