micro/util/pki/pki_test.go

130 lines
2.3 KiB
Go
Raw Normal View History

package pki
import (
"crypto/rand"
"crypto/x509"
"crypto/x509/pkix"
"encoding/pem"
"math/big"
"net"
"testing"
"time"
)
func TestPrivateKey(t *testing.T) {
_, _, err := GenerateKey()
if err != nil {
t.Fatal(err)
}
}
func TestCA(t *testing.T) {
pub, priv, err := GenerateKey()
if err != nil {
t.Fatal(err)
}
serialNumberMax := new(big.Int).Lsh(big.NewInt(1), 128)
serialNumber, err := rand.Int(rand.Reader, serialNumberMax)
if err != nil {
t.Fatal(err)
}
cert, key, err := CA(
KeyPair(pub, priv),
Subject(pkix.Name{
Organization: []string{"test"},
}),
DNSNames("localhost"),
IPAddresses(net.ParseIP("127.0.0.1")),
SerialNumber(serialNumber),
NotBefore(time.Now().Add(time.Minute*-1)),
NotAfter(time.Now().Add(time.Minute)),
)
if err != nil {
t.Fatal(err)
}
asn1Key, _ := pem.Decode(key)
if asn1Key == nil {
t.Fatal(err)
}
if asn1Key.Type != "PRIVATE KEY" {
t.Fatal("invalid key type")
}
decodedKey, err := x509.ParsePKCS8PrivateKey(asn1Key.Bytes)
if err != nil {
t.Fatal(err)
} else if decodedKey == nil {
t.Fatal("empty key")
}
asn1Cert, _ := pem.Decode(cert)
if asn1Cert == nil {
t.Fatal(err)
}
/*
pool := x509.NewCertPool()
x509cert, err := x509.ParseCertificate(asn1Cert.Bytes)
if err != nil {
t.Fatal(err)
}
chains, err := x509cert.Verify(x509.VerifyOptions{
Roots: pool,
})
if err != nil {
t.Fatal(err)
}
if len(chains) != 1 {
t.Fatal("CA should have 1 cert in chain")
}
*/
}
func TestCSR(t *testing.T) {
pub, priv, err := GenerateKey()
if err != nil {
t.Fatal(err)
}
csr, err := CSR(
Subject(
pkix.Name{
CommonName: "testnode",
Organization: []string{"microtest"},
OrganizationalUnit: []string{"super-testers"},
},
),
DNSNames("localhost"),
IPAddresses(net.ParseIP("127.0.0.1")),
KeyPair(pub, priv),
)
if err != nil {
t.Fatal(err)
}
asn1csr, _ := pem.Decode(csr)
if asn1csr == nil {
t.Fatal(err)
}
decodedcsr, err := x509.ParseCertificateRequest(asn1csr.Bytes)
if err != nil {
t.Fatal(err)
}
expected := pkix.Name{
CommonName: "testnode",
Organization: []string{"microtest"},
OrganizationalUnit: []string{"super-testers"},
}
if decodedcsr.Subject.String() != expected.String() {
t.Fatalf("%s != %s", decodedcsr.Subject.String(), expected.String())
}
}