Move certificate mock to another package

Signed-off-by: Mustafa Abdelrahman <mustafa.abdelrahman@zalando.de>
zalando-incubator · Jun 14, 2023 · 8ad8e8f · 8ad8e8f
1 parent 7893e17
commit 8ad8e8f
Show file tree

Hide file tree

Showing 2 changed files with 128 additions and 123 deletions.
diff --git a/certs/fake/certificate.go b/certs/fake/certificate.go
@@ -0,0 +1,126 @@
+package fake
+
+import (
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"fmt"
+	"math/big"
+	"sync"
+	"time"
+
+	"github.com/zalando-incubator/kube-ingress-aws-controller/certs"
+)
+
+type caSingleton struct {
+	once      sync.Once
+	err       error
+	chainKey  *rsa.PrivateKey
+	roots     *x509.CertPool
+	chainCert *x509.Certificate
+}
+
+type CertificateProvider struct {
+	ca caSingleton
+}
+
+func (m *CertificateProvider) GetCertificates() ([]*certs.CertificateSummary, error) {
+	tenYears := time.Hour * 24 * 365 * 10
+	altNames := []string{"foo.bar.org"}
+	arn := "DUMMY"
+	notBefore := time.Now()
+	notAfter := time.Now().Add(time.Hour * 24)
+
+	m.ca.once.Do(func() {
+		caKey, err := rsa.GenerateKey(rand.Reader, 2048)
+		if err != nil {
+			m.ca.err = fmt.Errorf("unable to generate CA key: %v", err)
+			return
+		}
+
+		caCert := x509.Certificate{
+			SerialNumber: big.NewInt(1),
+			Subject: pkix.Name{
+				Organization: []string{"Testing CA"},
+			},
+			NotBefore: time.Time{},
+			NotAfter:  time.Now().Add(tenYears),
+
+			KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
+			BasicConstraintsValid: true,
+
+			IsCA: true,
+		}
+		caBody, err := x509.CreateCertificate(rand.Reader, &caCert, &caCert, caKey.Public(), caKey)
+		if err != nil {
+			m.ca.err = fmt.Errorf("unable to generate CA certificate: %v", err)
+			return
+		}
+		caReparsed, err := x509.ParseCertificate(caBody)
+		if err != nil {
+			m.ca.err = fmt.Errorf("unable to parse CA certificate: %v", err)
+			return
+		}
+		m.ca.roots = x509.NewCertPool()
+		m.ca.roots.AddCert(caReparsed)
+
+		chainKey, err := rsa.GenerateKey(rand.Reader, 2048)
+		if err != nil {
+			m.ca.err = fmt.Errorf("unable to generate sub-CA key: %v", err)
+			return
+		}
+		chainCert := x509.Certificate{
+			SerialNumber: big.NewInt(2),
+			Subject: pkix.Name{
+				Organization: []string{"Testing Sub-CA"},
+			},
+			NotBefore: time.Time{},
+			NotAfter:  time.Now().Add(tenYears),
+
+			KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
+			BasicConstraintsValid: true,
+
+			IsCA: true,
+		}
+		chainBody, err := x509.CreateCertificate(rand.Reader, &chainCert, caReparsed, chainKey.Public(), caKey)
+		if err != nil {
+			m.ca.err = fmt.Errorf("unable to generate sub-CA certificate: %v", err)
+		}
+		chainReparsed, err := x509.ParseCertificate(chainBody)
+		if err != nil {
+			m.ca.err = fmt.Errorf("unable to parse sub-CA certificate: %v", err)
+			return
+		}
+
+		m.ca.chainKey = chainKey
+		m.ca.chainCert = chainReparsed
+	})
+
+	certKey, err := rsa.GenerateKey(rand.Reader, 2048)
+	if err != nil {
+		return nil, fmt.Errorf("unable to generate certificate key: %v", err)
+	}
+	cert := x509.Certificate{
+		SerialNumber: big.NewInt(3),
+		DNSNames:     altNames,
+		NotBefore:    notBefore,
+		NotAfter:     notAfter,
+
+		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
+		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
+		BasicConstraintsValid: true,
+	}
+
+	body, err := x509.CreateCertificate(rand.Reader, &cert, m.ca.chainCert, certKey.Public(), m.ca.chainKey)
+	if err != nil {
+		return nil, err
+	}
+	reparsed, err := x509.ParseCertificate(body)
+	if err != nil {
+		return nil, err
+	}
+
+	c := certs.NewCertificate(arn, reparsed, []*x509.Certificate{m.ca.chainCert})
+	return []*certs.CertificateSummary{c.WithRoots(m.ca.roots)}, nil
+}
diff --git a/worker_test.go b/worker_test.go
@@ -2,12 +2,7 @@ package main
 
 import (
 	"context"
-	"crypto/rand"
-	"crypto/rsa"
 	"crypto/x509"
-	"crypto/x509/pkix"
-	"fmt"
-	"math/big"
 	"net/http/httptest"
 	"os"
 	"reflect"
@@ -27,125 +22,9 @@ import (
 	"k8s.io/apimachinery/pkg/util/wait"
 
 	"github.com/zalando-incubator/kube-ingress-aws-controller/aws/fake"
+	certsfake "github.com/zalando-incubator/kube-ingress-aws-controller/certs/fake"
 )
 
-// TODO(LThiesen): This should be extracted to another file.
-// This is also just a copy of certs test so it might be useful
-// to just distribute it in a separate package like aws/fake
-type caSingleton struct {
-	once      sync.Once
-	err       error
-	chainKey  *rsa.PrivateKey
-	roots     *x509.CertPool
-	chainCert *x509.Certificate
-}
-
-type mockedCertificateProvider struct {
-	t  *testing.T
-	ca caSingleton
-}
-
-func (m *mockedCertificateProvider) GetCertificates() ([]*certs.CertificateSummary, error) {
-	tenYears := time.Hour * 24 * 365 * 10
-	altNames := []string{"foo.bar.org"}
-	arn := "DUMMY"
-	notBefore := time.Now()
-	notAfter := time.Now().Add(time.Hour * 24)
-
-	m.ca.once.Do(func() {
-		caKey, err := rsa.GenerateKey(rand.Reader, 2048)
-		if err != nil {
-			m.ca.err = fmt.Errorf("unable to generate CA key: %v", err)
-			return
-		}
-
-		caCert := x509.Certificate{
-			SerialNumber: big.NewInt(1),
-			Subject: pkix.Name{
-				Organization: []string{"Testing CA"},
-			},
-			NotBefore: time.Time{},
-			NotAfter:  time.Now().Add(tenYears),
-
-			KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
-			BasicConstraintsValid: true,
-
-			IsCA: true,
-		}
-		caBody, err := x509.CreateCertificate(rand.Reader, &caCert, &caCert, caKey.Public(), caKey)
-		if err != nil {
-			m.ca.err = fmt.Errorf("unable to generate CA certificate: %v", err)
-			return
-		}
-		caReparsed, err := x509.ParseCertificate(caBody)
-		if err != nil {
-			m.ca.err = fmt.Errorf("unable to parse CA certificate: %v", err)
-			return
-		}
-		m.ca.roots = x509.NewCertPool()
-		m.ca.roots.AddCert(caReparsed)
-
-		chainKey, err := rsa.GenerateKey(rand.Reader, 2048)
-		if err != nil {
-			m.ca.err = fmt.Errorf("unable to generate sub-CA key: %v", err)
-			return
-		}
-		chainCert := x509.Certificate{
-			SerialNumber: big.NewInt(2),
-			Subject: pkix.Name{
-				Organization: []string{"Testing Sub-CA"},
-			},
-			NotBefore: time.Time{},
-			NotAfter:  time.Now().Add(tenYears),
-
-			KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
-			BasicConstraintsValid: true,
-
-			IsCA: true,
-		}
-		chainBody, err := x509.CreateCertificate(rand.Reader, &chainCert, caReparsed, chainKey.Public(), caKey)
-		if err != nil {
-			m.ca.err = fmt.Errorf("unable to generate sub-CA certificate: %v", err)
-			return
-		}
-		chainReparsed, err := x509.ParseCertificate(chainBody)
-		if err != nil {
-			m.ca.err = fmt.Errorf("unable to parse sub-CA certificate: %v", err)
-			return
-		}
-
-		m.ca.chainKey = chainKey
-		m.ca.chainCert = chainReparsed
-	})
-
-	certKey, err := rsa.GenerateKey(rand.Reader, 2048)
-	if err != nil {
-		require.NoErrorf(m.t, err, "unable to generate certificate key")
-	}
-	cert := x509.Certificate{
-		SerialNumber: big.NewInt(3),
-		DNSNames:     altNames,
-		NotBefore:    notBefore,
-		NotAfter:     notAfter,
-
-		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
-		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
-		BasicConstraintsValid: true,
-	}
-
-	body, err := x509.CreateCertificate(rand.Reader, &cert, m.ca.chainCert, certKey.Public(), m.ca.chainKey)
-	if err != nil {
-		require.NoErrorf(m.t, err, "unable to generate certificate")
-	}
-	reparsed, err := x509.ParseCertificate(body)
-	if err != nil {
-		require.NoErrorf(m.t, err, "unable to parse certificate")
-	}
-
-	c := certs.NewCertificate(arn, reparsed, []*x509.Certificate{m.ca.chainCert})
-	return []*certs.CertificateSummary{c.WithRoots(m.ca.roots)}, nil
-}
-
 func TestResourceConversion(tt *testing.T) {
 	clusterIDTagPrefix := "kubernetes.io/cluster/"
 	clusterID := "aws:123:eu-central-1:kube-1"
@@ -326,7 +205,7 @@ func TestResourceConversion(tt *testing.T) {
 				t.Fatal(err)
 			}
 			log.SetLevel(log.DebugLevel)
-			problems := doWork(&mockedCertificateProvider{t: t}, 10, time.Hour, a, k, "")
+			problems := doWork(&certsfake.CertificateProvider{}, 10, time.Hour, a, k, "")
 			if len(problems.Errors()) > 0 {
 				t.Error(problems.Errors())
 			}