From 25c9a870686a516caa04e00c10318ae14562398c Mon Sep 17 00:00:00 2001
From: MrMelon54
Date: Mon, 5 Jun 2023 22:23:28 +0100
Subject: [PATCH] Add certificate tests
---
 certs/certs.go | 4 +--
 certs/certs_test.go | 70 +++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 72 insertions(+), 2 deletions(-)
 create mode 100644 certs/certs_test.go
diff --git a/certs/certs.go b/certs/certs.go
index 14252ae..fc37210 100644
--- a/certs/certs.go
+++ b/certs/certs.go
@@ -126,7 +126,7 @@ func (c *Certs) internalCompile(m map[string]*tls.Certificate) error {
 }
 // try to read dir
- files, err := fs.ReadDir(c.cDir, "")
+ files, err := fs.ReadDir(c.cDir, ".")
 if err != nil {
 return fmt.Errorf("failed to read cert dir: %w", err)
 }
@@ -143,7 +143,7 @@ func (c *Certs) internalCompile(m map[string]*tls.Certificate) error {
 // get file name and extension
 name := i.Name()
 ext := filepath.Ext(name)
- keyName := name[:len(name)-len(ext)] + "key"
+ keyName := name[:len(name)-len(ext)] + ".key"
 // try to read cert file
 certData, err := fs.ReadFile(c.cDir, name)
diff --git a/certs/certs_test.go b/certs/certs_test.go
new file mode 100644
index 0000000..a60efe8
--- /dev/null
+++ b/certs/certs_test.go
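Review bot: The cert-to-key pairing rule in the second hunk (`@@ -143,7 +143,7 @@`, `keyName := name[:len(name)-len(ext)] + ".key"`) is undocumented, and nothing in the visible lines restricts which extension `name` carries before a key file name is derived from it. A comment such as `// key file is the cert's base name plus ".key", e.g. example.com.pem -> example.com.key` would record the convention the new test relies on. If no extension filter exists above the hunk, every entry in the cert directory is paired with a key lookup, so a guard like `if ext != ".pem" { continue }` may be worth adding. The loop body starts and ends outside the hunk, so this needs confirming against the full function.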
@@ -0,0 +1,70 @@
+package certs
+
+import (
+ "code.mrmelon54.com/melon/certgen"
+ "crypto/x509/pkix"
+ "fmt"
+ "github.com/stretchr/testify/assert"
+ "math/big"
+ "testing"
+ "testing/fstest"
+ "time"
+)
+
+func TestCertsNew_Lookup(t *testing.T) {
+ // The following code basically copies the self-signed logic from the Certs
+ // type to test that certificate files can be found and read correctly. This
+ // uses a MapFS for performance during tests.
+
+ ca, err := certgen.MakeCaTls(pkix.Name{
+ Country: []string{"GB"},
+ Organization: []string{"Violet"},
+ OrganizationalUnit: []string{"Development"},
+ SerialNumber: "0",
+ CommonName: fmt.Sprintf("%d.violet.test", time.Now().Unix()),
+ }, big.NewInt(0))
+ assert.NoError(t, err)
+
+ domain := "example.com"
+ sn := int64(1)
+ serverTls, err := certgen.MakeServerTls(ca, pkix.Name{
+ Country: []string{"GB"},
+ Organization: []string{domain},
+ OrganizationalUnit: []string{domain},
+ SerialNumber: fmt.Sprintf("%d", sn),
+ CommonName: domain,
+ }, big.NewInt(sn), []string{domain}, nil)
+ assert.NoError(t, err)
+
+ certDir := fstest.MapFS{
+ "example.com.pem": {
+ Data: serverTls.GetCertPem(),
+ },
+ }
+
+ keyDir := fstest.MapFS{
+ "example.com.key": {
+ Data: serverTls.GetKeyPem(),
+ },
+ }
+
+ certs := New(certDir, keyDir, false)
+ assert.NoError(t, certs.internalCompile(certs.m))
+ cc := certs.GetCertForDomain("example.com")
+ leaf := certgen.TlsLeaf(cc)
+ assert.Equal(t, []string{"example.com"}, leaf.DNSNames)
+
+ // this cert doesn't exist
+ assert.Nil(t, certs.GetCertForDomain("notexample.com"))
+}
+
+func TestCertsNew_SelfSigned(t *testing.T) {
+ certs := New(nil, nil, true)
+ cc := certs.GetCertForDomain("example.com")
+ leaf := certgen.TlsLeaf(cc)
+ assert.Equal(t, []string{"example.com"}, leaf.DNSNames)
+
+ cc2 := certs.GetCertForDomain("notexample.com")
+ leaf2 := certgen.TlsLeaf(cc2)
+ assert.Equal(t, []string{"notexample.com"}, leaf2.DNSNames)
+}
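Review bot: In TestCertsNew_Lookup the two `assert.NoError(t, err)` calls do not stop the test, so a failed `MakeCaTls` or `MakeServerTls` continues into code that uses `ca` and `serverTls`, and in both tests `certgen.TlsLeaf(cc)` runs without first checking that `GetCertForDomain` returned a certificate. Using testify's `require` package here (`require.NoError(t, err)`, `require.NotNil(t, cc)`) would turn those into clean failures instead of possible nil dereferences. The lookup test also covers only a matching cert/key pair. Because this loader decides which private key is served with which certificate, cases for a `.pem` with no `.key` file and for a key that does not match its certificate would pin the rejection path, assuming `internalCompile` is meant to skip or reject those. TestCertsNew_SelfSigned asserts that a certificate is issued for any requested name; a short comment stating that this is the intended behaviour of self-signed mode would help.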