transform gencert subpackage to helper function

test/helpers.go

@@ -18,17 +18,27 @@
 package test
 
 import (
+	"bytes"
 	"context"
 	"crypto"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"encoding/pem"
 	"fmt"
 	"io"
+	"log"
+	"math/big"
+	"net"
 	"net/http"
 	"net/http/httptest"
 	"net/url"
 	"os"
 	"path"
 	"path/filepath"
 	"testing"
+	"time"
 
 	"github.com/google/go-cmp/cmp"
 	"github.com/google/go-containerregistry/pkg/authn"
@@ -443,3 +453,171 @@ func downloadAndSetEnv(t *testing.T, url, envVar, dir string) error {
 	t.Setenv(envVar, f.Name())
 	return nil
 }
+func GenerateCertificateBundle(td string, genIntermediate bool, outputSuffix string) (
+	caCertBuf *bytes.Buffer,
+	caPrivKeyBuf *bytes.Buffer,
+	caIntermediateCertBuf *bytes.Buffer,
+	caIntermediatePrivKeyBuf *bytes.Buffer,
+	certBuf *bytes.Buffer,
+	keyBuf *bytes.Buffer,
+	err error,
+) {
+	// set up our CA certificate
+	ca := &x509.Certificate{
+		SerialNumber: big.NewInt(2019),
+		Subject: pkix.Name{
+			Organization:       []string{"CA Company, INC."},
+			OrganizationalUnit: []string{"CA Root Team"},
+			Country:            []string{"US"},
+			Province:           []string{""},
+			Locality:           []string{"San Francisco"},
+			StreetAddress:      []string{"Golden Gate Bridge"},
+			PostalCode:         []string{"94016"},
+		},
+		NotBefore:             time.Now(),
+		NotAfter:              time.Now().AddDate(10, 0, 0),
+		IsCA:                  true,
+		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning /*, x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth */},
+		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
+		BasicConstraintsValid: true,
+		EmailAddresses:        []string{"ca@example.com"},
+	}
+
+	// create our private and public key
+	caPrivKey, err := rsa.GenerateKey(rand.Reader, 4096)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	// create the CA
+	caBytes, err := x509.CreateCertificate(rand.Reader, ca, ca, &caPrivKey.PublicKey, caPrivKey)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	caCertBuf = &bytes.Buffer{}
+	err = pem.Encode(caCertBuf, &pem.Block{
+		Type:  "CERTIFICATE",
+		Bytes: caBytes,
+	})
+	if err != nil {
+		log.Fatalf("unable to write PEM encode: %v", err)
+	}
+
+	caPrivKeyBuf = &bytes.Buffer{}
+	err = pem.Encode(caPrivKeyBuf, &pem.Block{
+		Type:  "RSA PRIVATE KEY",
+		Bytes: x509.MarshalPKCS1PrivateKey(caPrivKey),
+	})
+	if err != nil {
+		log.Fatalf("unable to create encode to buffer: %v", err) //nolint:gocritic
+	}
+
+	// generate intermediate CA if requested
+	var caIntermediate *x509.Certificate
+	var caIntermediatePrivKey *rsa.PrivateKey
+	if genIntermediate {
+		caIntermediate = &x509.Certificate{
+			SerialNumber: big.NewInt(2019),
+			Subject: pkix.Name{
+				Organization:       []string{"CA Company, INC."},
+				OrganizationalUnit: []string{"CA Intermediate Team"},
+				Country:            []string{"US"},
+				Province:           []string{""},
+				Locality:           []string{"San Francisco"},
+				StreetAddress:      []string{"Golden Gate Bridge"},
+				PostalCode:         []string{"94016"},
+			},
+			NotBefore:             time.Now(),
+			NotAfter:              time.Now().AddDate(10, 0, 0),
+			IsCA:                  true,
+			ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning /*, x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth */},
+			KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
+			BasicConstraintsValid: true,
+			EmailAddresses:        []string{"ca@example.com"},
+		}
+		// create our private and public key
+		caIntermediatePrivKey, err = rsa.GenerateKey(rand.Reader, 4096)
+		if err != nil {
+			log.Fatal(err)
+		}
+
+		// create the Intermediate CA
+		caIntermediateBytes, err := x509.CreateCertificate(rand.Reader, caIntermediate, ca, &caIntermediatePrivKey.PublicKey, caPrivKey)
+		if err != nil {
+			log.Fatal(err)
+		}
+
+		caIntermediateCertBuf = &bytes.Buffer{}
+		err = pem.Encode(caIntermediateCertBuf, &pem.Block{
+			Type:  "CERTIFICATE",
+			Bytes: caIntermediateBytes,
+		})
+		if err != nil {
+			log.Fatalf("unable to write to buffer: %v", err)
+		}
+		caIntermediatePrivKeyBuf = &bytes.Buffer{}
+		err = pem.Encode(caIntermediatePrivKeyBuf, &pem.Block{
+			Type:  "RSA PRIVATE KEY",
+			Bytes: x509.MarshalPKCS1PrivateKey(caIntermediatePrivKey),
+		})
+		if err != nil {
+			log.Fatalf("unable to create caIntermediatePrivKey %s: %v", td, err) //nolint:gocritic
+		}
+	}
+	// set up our server certificate
+	cert := &x509.Certificate{
+		SerialNumber: big.NewInt(2019),
+		Subject: pkix.Name{
+			Organization:       []string{"End User"},
+			OrganizationalUnit: []string{"End Node Team"},
+			Country:            []string{"US"},
+			Province:           []string{""},
+			Locality:           []string{"San Francisco"},
+			StreetAddress:      []string{"Golden Gate Bridge"},
+			PostalCode:         []string{"94016"},
+		},
+		IPAddresses:    []net.IP{net.IPv4(127, 0, 0, 1), net.IPv6loopback},
+		NotBefore:      time.Now(),
+		NotAfter:       time.Now().AddDate(10, 0, 0),
+		SubjectKeyId:   []byte{1, 2, 3, 4, 6},
+		ExtKeyUsage:    []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning /* x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth */},
+		KeyUsage:       x509.KeyUsageDigitalSignature,
+		EmailAddresses: []string{"xyz@nosuchprovider.com"},
+		DNSNames:       []string{"next.hugeunicorn.xyz"},
+	}
+
+	certPrivKey, err := rsa.GenerateKey(rand.Reader, 4096)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	var certBytes []byte
+	if !genIntermediate {
+		certBytes, err = x509.CreateCertificate(rand.Reader, cert, ca, &certPrivKey.PublicKey, caPrivKey)
+	} else {
+		certBytes, err = x509.CreateCertificate(rand.Reader, cert, caIntermediate, &caIntermediatePrivKey.PublicKey, caIntermediatePrivKey)
+	}
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	certBuf = &bytes.Buffer{}
+	err = pem.Encode(certBuf, &pem.Block{
+		Type:  "CERTIFICATE",
+		Bytes: certBytes,
+	})
+	if err != nil {
+		log.Fatalf("failed to encode cert: %v", err)
+	}
+
+	keyBuf = &bytes.Buffer{}
+	err = pem.Encode(keyBuf, &pem.Block{
+		Type:  "RSA PRIVATE KEY",
+		Bytes: x509.MarshalPKCS1PrivateKey(certPrivKey),
+	})
+	if err != nil {
+		log.Fatalf("failed to encode private key to buffer: %v", err)
+	}
+	return caCertBuf, caPrivKeyBuf, caIntermediateCertBuf, caIntermediatePrivKeyBuf, certBuf, keyBuf, nil
+}

test/helpers_test.go

@@ -0,0 +1,12 @@
+//go:build e2e
+
+package test
+
+import "testing"
+
+func TestGenerateCertificateBundle(t *testing.T) {
+	_, _, _, _, _, _, err := GenerateCertificateBundle("functest", true, "foobar")
+	if err != nil {
+		t.Fatalf("Error generating certificate bundle: %v", err)
+	}
+}