package testkit
import (
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"crypto/x509/pkix"
"encoding/base64"
"encoding/pem"
"strings"
"testing"
"github.com/stretchr/testify/require"
)
// rsaKeySize is the RSA modulus length, in bits, passed to rsa.GenerateKey
// by CreateKey.
const rsaKeySize = 2048
// CreateKey generates a fresh RSA private key of rsaKeySize bits using
// crypto/rand as the entropy source. The test fails immediately if key
// generation returns an error.
func CreateKey(t *testing.T) *rsa.PrivateKey {
	privateKey, genErr := rsa.GenerateKey(rand.Reader, rsaKeySize)
	require.NoError(t, genErr)

	return privateKey
}
// CreateCsr builds a certificate signing request for the subject described by
// certInfo.Subject, signs it with keys and returns it PEM-encoded as a
// "CERTIFICATE REQUEST" block.
//
// The subject string is split by extractSubject; only the CN, C, O, OU, L and
// ST attributes are copied into the request. An attribute that is absent from
// the string is still set, to a single empty string. The test fails
// immediately if the request cannot be created.
func CreateCsr(t *testing.T, certInfo CertInfo, keys *rsa.PrivateKey) []byte {
	attrs := extractSubject(certInfo.Subject)

	template := &x509.CertificateRequest{
		Subject: pkix.Name{
			CommonName:         attrs["CN"],
			Country:            []string{attrs["C"]},
			Organization:       []string{attrs["O"]},
			OrganizationalUnit: []string{attrs["OU"]},
			Locality:           []string{attrs["L"]},
			Province:           []string{attrs["ST"]},
		},
	}

	// Sign the request with the supplied key; the result is DER-encoded.
	der, err := x509.CreateCertificateRequest(rand.Reader, template, keys)
	require.NoError(t, err)

	block := pem.Block{Type: "CERTIFICATE REQUEST", Bytes: der}
	return pem.EncodeToMemory(&block)
}
// CrtResponseToPemBytes base64-decodes certResponse.Crt, reads the first PEM
// block from the decoded data and returns that block's raw bytes.
//
// Only the first PEM block is used: whatever follows it is discarded, and the
// block type is not checked. The test fails immediately when the base64
// payload is malformed or no PEM block is found.
func CrtResponseToPemBytes(t *testing.T, certResponse *CrtResponse) []byte {
	decoded, decodeErr := base64.StdEncoding.DecodeString(certResponse.Crt)
	require.NoError(t, decodeErr)

	// pem.Decode also returns the unparsed remainder, which is ignored here.
	block, _ := pem.Decode(decoded)
	require.NotNil(t, block)

	return block.Bytes
}
// DecodeAndParseCert extracts the certificate bytes from crtResponse with
// CrtResponseToPemBytes and parses them as a single X.509 certificate.
//
// This only parses the structure: it does not verify the signature, the
// issuing chain or the validity period. The test fails immediately if the
// bytes cannot be parsed.
func DecodeAndParseCert(t *testing.T, crtResponse *CrtResponse) *x509.Certificate {
	der := CrtResponseToPemBytes(t, crtResponse)

	parsed, parseErr := x509.ParseCertificate(der)
	require.NoError(t, parseErr)

	return parsed
}
// CheckIfSubjectEquals asserts that the subject of certificate matches
// expectedSubject, a comma-separated list of KEY=VALUE pairs.
//
// CN is compared with the certificate's common name; C, O, OU, L and ST are
// each compared as a one-element slice, so an attribute missing from
// expectedSubject is expected to appear as a single empty string. The first
// mismatch fails the test immediately.
func CheckIfSubjectEquals(t *testing.T, expectedSubject string, certificate *x509.Certificate) {
	want := extractSubject(expectedSubject)
	got := certificate.Subject

	require.Equal(t, want["CN"], got.CommonName)

	// Checked in the same order as the fields are listed: C, O, OU, L, ST.
	multiValued := []struct {
		attr   string
		actual []string
	}{
		{"C", got.Country},
		{"O", got.Organization},
		{"OU", got.OrganizationalUnit},
		{"L", got.Locality},
		{"ST", got.Province},
	}
	for _, field := range multiValued {
		require.Equal(t, []string{want[field.attr]}, field.actual)
	}
}
// EncodeBase64 returns src encoded with the standard (padded) base64
// alphabet.
func EncodeBase64(src []byte) string {
	encoded := base64.StdEncoding.EncodeToString(src)
	return encoded
}
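// extractSubject splits a subject string of the form "K1=V1,K2=V2" into a
// map from attribute key to value.
//
// Each comma-separated segment is split at its first "=", so a value may
// itself contain "=". Segments without any "=" (including the single empty
// segment produced by an empty subject) are skipped instead of causing an
// index-out-of-range panic. Keys and values are stored exactly as written:
// surrounding whitespace is not trimmed and escaped commas are not
// recognised, so this is not a general distinguished-name parser.
func extractSubject(subject string) map[string]string {
	result := map[string]string{}

	for _, segment := range strings.Split(subject, ",") {
		// Limit to two parts so only the first "=" separates key from value.
		parts := strings.SplitN(segment, "=", 2)
		if len(parts) != 2 {
			continue // malformed segment: no key/value separator
		}
		result[parts[0]] = parts[1]
	}

	return result
}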