tidy code

internal/certigo/lib/certs_test.go

@@ -8,12 +8,12 @@ func TestClientTLSConfig(t *testing.T) {
 	derfmt := CertKeyFormatDER
 	pemfmt := CertKeyFormatPEM
 	pfxfmt := CertKeyFormatPKCS12
-	testTLSConfig(t, false, "internal/testing/tls/ca.crt", pemfmt, "internal/testing/tls/client.crt", pemfmt, "internal/testing/tls/client.key", pemfmt, "")
-	testTLSConfig(t, false, "internal/testing/tls/ca.crt", pemfmt, "internal/testing/tls/client.der", derfmt, "internal/testing/tls/client.key", pemfmt, "")
-	testTLSConfig(t, false, "internal/testing/tls/ca.crt", pemfmt, "internal/testing/tls/client.pfx", pfxfmt, "internal/testing/tls/client.key", pemfmt, "")
-	testTLSConfig(t, false, "internal/testing/tls/ca.crt", pemfmt, "internal/testing/tls/client_pass.pfx", pfxfmt, "", pemfmt, "pfxpassword")
-	testTLSConfig(t, false, "internal/testing/tls/ca.der", derfmt, "internal/testing/tls/client.pfx", pfxfmt, "", pemfmt, "")
-	testTLSConfig(t, false, "internal/testing/tls/ca.crt", pemfmt, "internal/testing/tls/testcert.pem", pemfmt, "internal/testing/tls/testkey.pem", pemfmt, "")
+	testTLSConfig(t, false, "../../testing/tls/ca.crt", pemfmt, "../../testing/tls/client.crt", pemfmt, "../../testing/tls/client.key", pemfmt, "")
+	testTLSConfig(t, false, "../../testing/tls/ca.crt", pemfmt, "../../testing/tls/client.der", derfmt, "../../testing/tls/client.key", pemfmt, "")
+	testTLSConfig(t, false, "../../testing/tls/ca.crt", pemfmt, "../../testing/tls/client.pfx", pfxfmt, "../../testing/tls/client.key", pemfmt, "")
+	testTLSConfig(t, false, "../../testing/tls/ca.crt", pemfmt, "../../testing/tls/client_pass.pfx", pfxfmt, "", pemfmt, "pfxpassword")
+	testTLSConfig(t, false, "../../testing/tls/ca.der", derfmt, "../../testing/tls/client.pfx", pfxfmt, "", pemfmt, "")
+	testTLSConfig(t, false, "../../testing/tls/ca.crt", pemfmt, "../../testing/tls/testcert.pem", pemfmt, "../../testing/tls/testkey.pem", pemfmt, "")
 }
 
 func testTLSConfig(
@@ -38,12 +38,12 @@ func testTLSConfig(
 }
 
 func TestGuessFormat(t *testing.T) {
-	guessFormat(t, "internal/testing/tls/client.crt", CertKeyFormatPEM)
-	guessFormat(t, "internal/testing/tls/client.cer", CertKeyFormatPEM)
-	guessFormat(t, "internal/testing/tls/client.key", CertKeyFormatPEM)
-	guessFormat(t, "internal/testing/tls/client.pfx", CertKeyFormatPKCS12)
-	guessFormat(t, "internal/testing/tls/client.der", CertKeyFormatDER)
-	forceFormat(t, "internal/testing/tls/client.guess", CertKeyFormatPEM, CertKeyFormatPEM)
+	guessFormat(t, "../../testing/tls/client.crt", CertKeyFormatPEM)
+	guessFormat(t, "../../testing/tls/client.cer", CertKeyFormatPEM)
+	guessFormat(t, "../../testing/tls/client.key", CertKeyFormatPEM)
+	guessFormat(t, "../../testing/tls/client.pfx", CertKeyFormatPKCS12)
+	guessFormat(t, "../../testing/tls/client.der", CertKeyFormatDER)
+	forceFormat(t, "../../testing/tls/client.guess", CertKeyFormatPEM, CertKeyFormatPEM)
 }
 
 func guessFormat(t *testing.T, filename string, formatExpected CertificateKeyFormat) {

mk-test-files.sh

@@ -55,3 +55,23 @@ cs sign wrong-client --years 10 --CA wrong-ca
 # Create expired cert
 cs request-cert --common-name expired --ip 127.0.0.1 --domain localhost
 cs sign expired --years 0 --CA ca
+
+# Create DER PKCS12 file
+openssl x509  -outform der -in tls/ca.crt -out tls/ca.der
+openssl x509  -outform der -in tls/client.crt -out tls/client.der
+openssl x509  -outform der -in tls/client.crt -out tls/client.der
+openssl x509  -text -in tls/client.crt > tls/client.cer
+sed '1s/^/invalidGuess/' tls/client.cer > tls/client.guess
+openssl pkcs12 -export \
+	-in tls/client.crt \
+	-inkey tls/client.key \
+	-certfile tls/ca.crt \
+	-out tls/client.pfx \
+	-password pass:
+openssl pkcs12 -export \
+	-in tls/client.crt \
+	-inkey tls/client.key \
+	-certfile tls/ca.crt \
+	-out tls/client_pass.pfx \
+	-password pass:pfxpassword
+