-
Notifications
You must be signed in to change notification settings - Fork 111
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Yash Pimple <yashpimple22@gmail.com>
- Loading branch information
1 parent
050a49c
commit 682b903
Showing
3 changed files
with
150 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,77 @@ | ||
package kubeutils | ||
|
||
import ( | ||
"crypto/rand" | ||
"crypto/rsa" | ||
"crypto/x509" | ||
"encoding/pem" | ||
"math/big" | ||
"testing" | ||
"time" | ||
) | ||
|
||
func TestValidateCertificateExpiration(t *testing.T) { | ||
certTemplate := &x509.Certificate{ | ||
SerialNumber: big.NewInt(1), | ||
NotBefore: time.Now(), | ||
NotAfter: time.Now().Add(24 * time.Hour), | ||
} | ||
|
||
privateKey, err := rsa.GenerateKey(rand.Reader, 2048) | ||
if err != nil { | ||
t.Fatalf("Failed to generate private key: %v", err) | ||
} | ||
|
||
certBytes, err := x509.CreateCertificate(rand.Reader, certTemplate, certTemplate, &privateKey.PublicKey, privateKey) | ||
if err != nil { | ||
t.Fatalf("Failed to create certificate: %v", err) | ||
} | ||
|
||
certPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: certBytes}) | ||
|
||
testCases := []struct { | ||
name string | ||
certData []byte | ||
renewalThreshold time.Duration | ||
now time.Time | ||
expectedValid bool | ||
expectedErrorNil bool | ||
}{ | ||
{ | ||
name: "Valid certificate", | ||
certData: certPEM, | ||
renewalThreshold: 2 * time.Hour, | ||
now: time.Now().Add(21 * time.Hour), // Certificate is still valids | ||
expectedValid: true, | ||
expectedErrorNil: true, | ||
}, | ||
{ | ||
name: "Expired certificate", | ||
certData: certPEM, | ||
renewalThreshold: 2 * time.Hour, | ||
now: time.Now().Add(25 * time.Hour), // Certificate has expired | ||
expectedValid: false, | ||
expectedErrorNil: true, | ||
}, | ||
{ | ||
name: "Invalid PEM data", | ||
certData: []byte("invalid PEM data"), | ||
renewalThreshold: 2 * time.Hour, | ||
now: time.Now(), | ||
expectedValid: false, | ||
expectedErrorNil: true, | ||
}, | ||
} | ||
|
||
for _, tc := range testCases { | ||
t.Run(tc.name, func(t *testing.T) { | ||
valid, err := ValidateCertificateExpiration(tc.certData, tc.renewalThreshold, tc.now) | ||
if valid != tc.expectedValid { | ||
t.Errorf("Expected valid=%v, got %v", tc.expectedValid, valid) | ||
} | ||
if (err == nil) != tc.expectedErrorNil { | ||
t.Errorf("Expected error nil=%v, got error=%v", tc.expectedErrorNil, err) | ||
} | ||
}) | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters