forked from getlantern/keyman
keyman_test.go
package keyman
import (
"net"
"os"
"testing"
"time"
"github.com/stretchr/testify/assert"
)
// Fixture paths and certificate lifetimes shared by the tests in this file.
const (
	// PK_FILE and CERT_FILE are relative paths, so the fixtures are created in
	// the working directory of the test run. PK_FILE holds private key
	// material while the test is running.
	PK_FILE   = "testpk.pem"
	CERT_FILE = "testcert.pem"

	// Validity periods used when issuing test certificates.
	ONE_WEEK  = 168 * time.Hour
	TWO_WEEKS = 2 * ONE_WEEK
)
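// TestRoundTrip exercises the key and certificate lifecycle end to end:
// generate a private key, save and reload it, issue a certificate for
// 127.0.0.1, save and reload that certificate, issue further certificates
// signed by it, and finally round-trip the certificate through its X.509 form.
//
// Each step whose result is used by a later step stops the test on failure.
// Without that, a failed step would be followed by method calls on a value
// that is meaningless after an error, and the real failure could be hidden
// behind a nil-pointer panic.
func TestRoundTrip(t *testing.T) {
	// Best-effort removal of the fixture files, including the private key,
	// on every exit path. A failure here is only logged because the file may
	// never have been created.
	cleanup := func(path string) {
		if err := os.Remove(path); err != nil {
			log.Debugf("Unable to remove file: %v", err)
		}
	}
	defer cleanup(PK_FILE)
	defer cleanup(CERT_FILE)

	// 1024-bit RSA keeps key generation fast for the test. It is below the
	// 2048-bit minimum recommended for real keys and must not be copied into
	// non-test code.
	pk, err := GeneratePK(1024)
	if !assert.NoError(t, err, "Unable to generate PK") {
		return
	}

	err = pk.WriteToFile(PK_FILE)
	if !assert.NoError(t, err, "Unable to save PK") {
		return
	}

	pk2, err := LoadPKFromFile(PK_FILE)
	if !assert.NoError(t, err, "Unable to load PK") {
		return
	}
	assert.Equal(t, pk.PEMEncoded(), pk2.PEMEncoded(), "Loaded PK didn't match saved PK")

	// NOTE(review): the trailing true/nil arguments presumably request a CA
	// certificate with no issuer (self-signed) — confirm against
	// TLSCertificateFor.
	cert, err := pk.TLSCertificateFor("Test Org", "127.0.0.1", "127.0.0.1", time.Now().Add(TWO_WEEKS), true, nil)
	if !assert.NoError(t, err, "Unable to generate self-signed certificate") {
		return
	}

	// The certificate must carry exactly one IP SAN, and it must be the
	// address the certificate was requested for.
	numberOfIPSANs := len(cert.X509().IPAddresses)
	if numberOfIPSANs != 1 {
		t.Errorf("Wrong number of SANs, expected 1 got %d", numberOfIPSANs)
	} else {
		ip := cert.X509().IPAddresses[0]
		expectedIP := net.ParseIP("127.0.0.1")
		assert.Equal(t, expectedIP.String(), ip.String(), "Wrong IP SAN")
	}

	err = cert.WriteToFile(CERT_FILE)
	if !assert.NoError(t, err, "Unable to write certificate to file") {
		return
	}

	cert2, err := LoadCertificateFromFile(CERT_FILE)
	if !assert.NoError(t, err, "Unable to load certificate from file") {
		return
	}
	assert.Equal(t, cert.PEMEncoded(), cert2.PEMEncoded(), "Loaded certificate didn't match saved certificate")

	// Issue a certificate from the first one, using it as both template and
	// issuer.
	_, err = pk.Certificate(cert.X509(), cert)
	assert.NoError(t, err, "Unable to generate certificate signed by original certificate")

	// Same again, but for the public key of a second, independent key pair.
	pk3, err := GeneratePK(1024)
	if !assert.NoError(t, err, "Unable to generate PK 3") {
		return
	}

	_, err = pk.CertificateForKey(cert.X509(), cert, &pk3.rsaKey.PublicKey)
	assert.NoError(t, err, "Unable to generate certificate for pk3")

	x509rt, err := LoadCertificateFromX509(cert.X509())
	assert.NoError(t, err, "Unable to load certificate from X509")
	assert.Equal(t, cert, x509rt, "X509 round tripped cert didn't match original")
}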