WIP: initial mtls package #133
@ -94,7 +94,7 @@ func NewIntermediate(cacrt *x509.Certificate, cakey crypto.PrivateKey, opts ...C
|
|||||||
|
|||||||
// SignCSR sign certificate request and return signed pubkey
|
// SignCSR sign certificate request and return signed pubkey
|
||||||
func SignCSR(rawcsr []byte, cacrt *x509.Certificate, cakey crypto.PrivateKey, opts ...CertificateOption) ([]byte, error) {
|
func SignCSR(rawcsr []byte, cacrt *x509.Certificate, cakey crypto.PrivateKey, opts ...CertificateOption) ([]byte, error) {
|
||||||
if cacrt == nil {
|
if cacrt == nil {
|
||||||
opts = append(opts, CertificateIsCA(false))
|
opts = append(opts, CertificateIsCA(true))
|
||||||
## Disabled TLS certificate check
InsecureSkipVerify should not be used in production code.
[Show more details](https://github.com/unistack-org/micro/security/code-scanning/2)
## Disabled TLS certificate check
InsecureSkipVerify should not be used in production code.
[Show more details](https://github.com/unistack-org/micro/security/code-scanning/2)
|
|||||||
}
|
}
|
||||||
|
|
||||||
options := NewCertificateOptions(opts...)
|
options := NewCertificateOptions(opts...)
|
||||||
@ -124,7 +124,7 @@ func SignCSR(rawcsr []byte, cacrt *x509.Certificate, cakey crypto.PrivateKey, op
|
|||||||
## Disabled TLS certificate check
InsecureSkipVerify should not be used in production code.
[Show more details](https://github.com/unistack-org/micro/security/code-scanning/2)
## Disabled TLS certificate check
InsecureSkipVerify should not be used in production code.
[Show more details](https://github.com/unistack-org/micro/security/code-scanning/2)
|
|||||||
IsCA: options.IsCA,
|
IsCA: options.IsCA,
|
||||||
}
|
}
|
||||||
|
|
||||||
if !options.IsCA {
|
if options.IsCA {
|
||||||
## Disabled TLS certificate check
InsecureSkipVerify should not be used in production code.
[Show more details](https://github.com/unistack-org/micro/security/code-scanning/2)
## Disabled TLS certificate check
InsecureSkipVerify should not be used in production code.
[Show more details](https://github.com/unistack-org/micro/security/code-scanning/2)
|
|||||||
cacrt = tpl
|
cacrt = tpl
|
||||||
} else {
|
} else {
|
||||||
tpl.Issuer = cacrt.Subject
|
tpl.Issuer = cacrt.Subject
|
||||||
|
|||||||
## Disabled TLS certificate check
InsecureSkipVerify should not be used in production code.
[Show more details](https://github.com/unistack-org/micro/security/code-scanning/2)
## Disabled TLS certificate check
InsecureSkipVerify should not be used in production code.
[Show more details](https://github.com/unistack-org/micro/security/code-scanning/2)
|
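Review bot: In the second SignCSR hunk, `if options.IsCA { cacrt = tpl }` makes the IsCA option double as the self-signed switch, so a caller that supplies a real `cacrt` and also passes `CertificateIsCA(true)` has the parent replaced by the template and, as far as these lines show, never gets `tpl.Issuer = cacrt.Subject`. In the other direction, the `else` branch dereferences `cacrt.Subject`, which is safe only while the `CertificateIsCA(true)` appended in the first hunk wins over any caller-supplied option. Decide on the parent itself instead: capture `selfSigned := cacrt == nil` before the append and branch with `if selfSigned { cacrt = tpl } else { tpl.Issuer = cacrt.Subject }`. The body of SignCSR continues outside both hunks, so the effect on the signing call is inferred rather than visible here.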
@ -10,6 +10,7 @@ func TestNewCa(t *testing.T) {
|
|||||||
bcrt, key, err := NewCA(
|
bcrt, key, err := NewCA(
|
||||||
CertificateOrganization("test_org"),
|
CertificateOrganization("test_org"),
|
||||||
CertificateOrganizationalUnit("test_unit"),
|
CertificateOrganizationalUnit("test_unit"),
|
||||||
|
CertificateIsCA(true),
|
||||||
)
|
)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
@ -23,7 +24,7 @@ func TestNewCa(t *testing.T) {
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
}
|
}
|
||||||
if crt.IsCA {
|
if !crt.IsCA {
|
||||||
t.Fatalf("crt IsCA invalid %v", crt)
|
t.Fatalf("crt IsCA invalid %v", crt)
|
||||||
}
|
}
|
||||||
if crt.Subject.Organization[0] != "test_org" {
|
if crt.Subject.Organization[0] != "test_org" {
|
||||||
@ -33,3 +34,40 @@ func TestNewCa(t *testing.T) {
|
|||||||
t.Fatalf("crt subject invalid %v", crt.Subject)
|
t.Fatalf("crt subject invalid %v", crt.Subject)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestNewIntermediate(t *testing.T) {
|
||||||
|
bcrt, cakey, err := NewCA(
|
||||||
|
CertificateOrganization("test_org"),
|
||||||
|
CertificateOrganizationalUnit("test_unit"),
|
||||||
|
)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatal(err)
|
||||||
|
}
|
||||||
|
cacrt, err := x509.ParseCertificate(bcrt)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatal(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
bcrt, ikey, err := NewIntermediate(cacrt, cakey,
|
||||||
|
CertificateOrganization("test_org"),
|
||||||
|
CertificateOrganizationalUnit("test_unit"),
|
||||||
|
)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatal(err)
|
||||||
|
}
|
||||||
|
_ = ikey
|
||||||
|
icrt, err := x509.ParseCertificate(bcrt)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatal(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if icrt.IsCA {
|
||||||
|
t.Fatalf("crt IsCA invalid %v", icrt)
|
||||||
|
}
|
||||||
|
if icrt.Subject.Organization[0] != "test_org" {
|
||||||
|
t.Fatalf("crt subject invalid %v", icrt.Subject)
|
||||||
|
}
|
||||||
|
if icrt.Subject.OrganizationalUnit[0] != "test_unit" {
|
||||||
|
t.Fatalf("crt subject invalid %v", icrt.Subject)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
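Review bot: TestNewIntermediate asserts `if icrt.IsCA { t.Fatalf(...) }`, which pins the intermediate as a non-CA certificate, and it never checks that the certificate was actually issued by the CA it was given. A certificate without the CA basic constraint cannot act as an issuer in a chain that Go's verifier accepts, so if NewIntermediate is meant to produce a signing intermediate the assertion should be `if !icrt.IsCA`. Add an issuance check right after parsing, `if err := icrt.CheckSignatureFrom(cacrt); err != nil { t.Fatal(err) }`, and compare `icrt.Issuer` with `cacrt.Subject`. The NewCA call in this test also omits the `CertificateIsCA(true)` that TestNewCa now passes; whether NewCA sets it by default is not visible on this page.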