Skip to content

Commit

Permalink
Added certreq test
Browse files Browse the repository at this point in the history
  • Loading branch information
@thom-at-redhat @AaronH88
thom-at-redhat authored and AaronH88 committed Feb 2, 2024
1 parent 94cf499 commit 9f05dd2
Showing 1 changed file with 219 additions and 0 deletions.
219 changes: 219 additions & 0 deletions pkg/certificates/ca_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ package certificates_test
import (
"crypto/rsa"
"crypto/x509"
"crypto/x509/pkix"
"encoding/pem"
"fmt"
"io"
Expand Down Expand Up @@ -284,3 +285,221 @@ func TestCreateCANegative(t *testing.T) {
})
}
}

func TestCreateCertReqValid(t *testing.T) {
type args struct {
opts *certificates.CertOptions
privateKey *rsa.PrivateKey
}

goodCaTimeAfterString := "2032-01-07T00:03:51Z"
goodCaTimeAfter, err := time.Parse(time.RFC3339, goodCaTimeAfterString)
if err != nil {
t.Errorf("Error parsing time %s: %v", goodCaTimeAfterString, err)
}

goodCaTimeBeforeString := "2022-01-07T00:03:51Z"
goodCaTimeBefore, err := time.Parse(time.RFC3339, goodCaTimeBeforeString)
if err != nil {
t.Errorf("Error parsing time %s: %v", goodCaTimeBeforeString, err)
}

goodCertOptions := certificates.CertOptions{
Bits: 4096,
CommonName: "Ansible Automation Controller Nodes Mesh",
NotAfter: goodCaTimeAfter,
NotBefore: goodCaTimeBefore,
}

goodCertificateRequest := &x509.CertificateRequest{
Attributes: nil,
DNSNames: nil,
EmailAddresses: nil,
Extensions: nil,
ExtraExtensions: nil,
IPAddresses: nil,
PublicKeyAlgorithm: x509.RSA,
SignatureAlgorithm: x509.SHA256WithRSA,
Subject: pkix.Name{
CommonName: goodCertOptions.CommonName,
Country: nil,
ExtraNames: []pkix.AttributeTypeAndValue{},
Locality: nil,
Names: []pkix.AttributeTypeAndValue{},
Organization: nil,
OrganizationalUnit: nil,
PostalCode: nil,
Province: nil,
SerialNumber: "",
StreetAddress: nil,
},
URIs: nil,
Version: 0,
}

goodPrivateKeyBlock, _ := pem.Decode([]byte(`-----BEGIN RSA PRIVATE KEY-----
MIIJKAIBAAKCAgEAp17EU0yKFdjqoec7zSc0AWDmT6cZpys8C74HqKeOArJPvswE
b4OVyKZj20hFNj2N6TRry0x+pw+eP2XziEc0jdIqb33K6SbZKyezmKNYF+0TlzN9
Md249inCf3DIDImTEC6j3oCobTByxs9E1/tDHyeY6k5aMFY0gMlISuqTLX9iEqR6
jgOrr5i4VIZK7lK1JBzJ28FjE86zvEAzGnS71foYlmTWRWn+l7d5TQUWPsq17khu
2TnP+lLFg2+DVQCy9ZidCI30noiufEn/FR1GODBI8vFVtpXwEVP5nDZMa1GNQwTa
ec3BzIcKC5CyHfdD8hcs1zAwr2cR6xhMLWdt1AGGP8AL8NV1puVyQYi82i9dnUrb
h3mYLQFDrnEB7xDoJbz4pVOryn+TxXcaqChDsF7YC1E5cOKLZtm1seadiz5cZDwK
WwL+1GsYk23KbiDIfFk00pPxFIKchFI6YYjdLqp6dnx/TJsp/IYEgfyn+hYSGRZd
1TDTesfFU5Ki5M1RvFHePIBR362lUF72i3Awwi8U3nWuk4erk8Nswonwc121sWSo
5Yp8fDBDP5CANcHv8JcLGMKUDYZGzqK0d3iehMXZdQK/Jd4x6dvd4Qr8VDbsxuWf
aDwzEOjEpvMcawTdqWGTS9wwlmidJ47jY2HjUe5e7PvYm1+UQ/rgEoguoTsCAwEA
AQKCAgApCj3Nxyjc7pGqHY82YPSJmf8fbPQHX7ybjH9IRb22v456VICJ75Qc3WAC
9xexkypnEqmT8i/kOxospY0vz3X9iJlLOWc2AIaj5FpPhU4mn8V7/+4k+h9OjTLa
GQeUu29KOoWIG7gw/f5G7bAN3di5nPYMDiZjT+AT7EdDx31LXL7pn1dF13ST3Djm
0P8yrSkpr713m1X2F2tPL9bYF+OvNmItDpDT+IerIBwoXKT1xLMTuMMllN2Anic8
cW2cvE0ll8R5woVHEnDmnSZlQQZk5MIegDrqSJ3TQeok+dOHRToEQv5ne6KXyk0W
RObIHkeU50XhhjmJ6RYltZGIWKI/QohWBECINhjmBxqGKBz5ultIOmeLPd5IlC+Y
ow+zQk8WuYaUIX2PAzhFnhRfxUsv2Zoljt2J4YC3oKsB9cynrhonozvwEJy9MJJF
a48+meJ6Wkm6LtcREPgbjFtfhrPKQlD+/kfHR6mxhjR977lgZAvrGhlBTZPKx/MF
r0ZOP34+Cw2ZDrHO1L7GQVEjY0JM2B6lCEYtI8Mxy04gqa+kRIjL+04WhjT1w2Lk
71tOBNNB2AqxK+aptqxLG2By4mlW7WliGZI0j/6caXkg02olL/WqeBWTKSoUXLd6
LD523A02VHQgBDhTdIjezKI1FpAVKCXdHuwgqSWPQiQx6FkdAQKCAQEA1YinOp0U
1/9nq5f9Oet5uOLLGNG5lpzvCY9tPk9gWjTlAes5aQ8Pftg+P6dGgAsVqGxT2NvS
uNSqYIBdm7Uy7jUG9m6PjQeQ7+oQ1vJqbryqr4QDwnAtHdWFfXak17YZs9YuhesP
l5h4Oxi43Q2tZalMUY/rAmn+URqI5jlSWYiH6D9p2j9mEzvFrPQLvsbDb6zbxlAv
8oaqOiOrQa+q3T+loeRX0ErN9qf84Vw7tc7Qp5a4siWyWIHKGHHVveB+ITcHJ2+7
KJf7saRAjcRyHxX3tsPyRVSfg37nIMoPHilnN8bbhgBs0eMq1zcQgEYVceWx4pcZ
GonabS85TBsqwQKCAQEAyKfZoot+oOOfWXMVBD761o4msd3fxRJlyS9RsPzRx7VO
rQNTw9fCmurcFnF444fCfnEVJ/bCh/rWETyt1wVQhuy+th16hq4NEwGOD87WBXCn
b3K8ZNbFDB9WL30q7bLe9UBw4j1ciHGKqpkjEACBrrdBF3HxVjBCQiHUKci3KK7E
j6rtmR97UJj3XtTU0XiFm2FNKRa+aw0OQ3rr5Bw9ZURd9aXoDCXUMoXgfFnUxLWd
y8Mdh5/PWmf8/o7/WqWpwejRJqfcGR1576QJXZjbduXG5zviDjwe5VKjgH5XRe8x
ytCa5Z6APGWA4hhuZYfERcCsirEPO4ruew+iE0c2+wKCAQAA7o28Rb83ihfLuegS
/qITWnoEa7XhoGGyqvuREAudmSl+rqYbfUNWDF+JK5O1L1cy2vYqthrfT55GuYiv
C0VjoLudC7J4rRXG1kCoj3pDbXNZPLw/dvnbbXkdqQzjHBpUnJSrZPE2eiXcLCly
XYLqNKjumjAuXIQNmo4KYymm1l+xdcVifHBXmSUtsgrzFC76J8j1vpfW+Rt5EXrH
2JpoSMTSRgrUD9+COg1ydlKUYoiqko/PxzZWCIr3PFfwcjBauMDBPU2VycQBbHQT
qk3NMO1Z0NUX1Fy12DHuBLO4L/oRVj7TAOF4sQMY2VarGKMzUgtKr9oeMYfQfipD
2MKBAoIBAQCyCFuNYP+FePDVyMoI7mhZHd8vSZFVpbEyBA4TXv4yl6eq0pzr0vAT
y/Zi42NDXh0vWt5Oix6mz+RHfvMvKMP+MugzZYxlGuD20BZf6ED0qrOkqsSFJBnJ
W7R4hjIknOQ97mM6GP+VAEjsfNsjQ4/MmUPjrXFX65GeY61/NVtteUNlxV7y0X/0
TwSM24HIKYtCBd8Uad2h1f+l19acmoHO7A4B+qYcwSO5gBdhvcKOliXfuMrmnuC3
cjSDGBVxNDOenReVmLIshn6+JWk55noy0ETevb8gqi8vgVcYlwCQSF6BeP02Zp+Y
9uaXtN2esAtxaDavB9JgHjDid0hymmkpAoIBABmtcLim8rEIo82NERAUvVHR7MxR
hXKx9g3bm1O0w7kJ16jyf5uyJ85JNi1XF2/AomSNWH6ikHuX5Xj6vOdL4Ki9jPDq
TOlmvys2LtCAMOM3e3NvzIfTnrQEurGusCQKxCbnlRk2W13j3uc2gVFgB3T1+w2H
lSEhzuFpDrxKrsE9QcCf7/Cju+2ir9h3FsPDRKoxfRJ2/onsgQ/Q7NODRRQGjwxw
P/Hli/j17jC7TdgC26JhtVHH7K5xC6iNL03Pf3GTSvwN1vK1BY2reoz1FtQrGZvM
rydzkVNNVeMVX2TER9yc8AdFqkRlaBWHmO61rYmV+N1quLM0uMVsu55ZNCY=
-----END RSA PRIVATE KEY-----`))

goodPrivateKey, err := x509.ParsePKCS1PrivateKey(goodPrivateKeyBlock.Bytes)
if err != nil {
t.Errorf("Error parsing Private Key: %v", err)
}

tests := []struct {
name string
args args
want *x509.CertificateRequest
wantErr bool
}{
{
name: "Positive test",
args: args{
opts: &goodCertOptions,
privateKey: goodPrivateKey,
},
want: goodCertificateRequest,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got, err := certificates.CreateCertReq(tt.args.opts, tt.args.privateKey)
if (err != nil) != tt.wantErr {
t.Errorf("CreateCertReq() error = %v, wantErr %v", err, tt.wantErr)

return
}

if !reflect.DeepEqual(got.DNSNames, tt.want.DNSNames) {
t.Errorf("CreateCertReq() DNSNames got = %v, want = %v", got.DNSNames, tt.want.DNSNames)

return
}

if !reflect.DeepEqual(got.EmailAddresses, tt.want.EmailAddresses) {
t.Errorf("CreateCertReq() EmailAddresses got = %v, want = %v", got.EmailAddresses, tt.want.EmailAddresses)

return
}

if !reflect.DeepEqual(got.ExtraExtensions, tt.want.ExtraExtensions) {
t.Errorf("CreateCertReq() ExtraExtensions got = %v, want = %v", got.ExtraExtensions, tt.want.ExtraExtensions)

return
}

if !reflect.DeepEqual(got.IPAddresses, tt.want.IPAddresses) {
t.Errorf("CreateCertReq() IPAddresses got = %v, want = %v", got.IPAddresses, tt.want.IPAddresses)

return
}

if !reflect.DeepEqual(got.PublicKeyAlgorithm, tt.want.PublicKeyAlgorithm) {
t.Errorf("CreateCertReq() PublicKeyAlgorithm = %v, want = %v", got.PublicKeyAlgorithm, tt.want.PublicKeyAlgorithm)

return
}

if !reflect.DeepEqual(got.SignatureAlgorithm, tt.want.SignatureAlgorithm) {
t.Errorf("CreateCertReq() SignatureAlgorithm got = %v, want = %v", got.SignatureAlgorithm, tt.want.SignatureAlgorithm)

return
}

if !reflect.DeepEqual(got.URIs, tt.want.URIs) {
t.Errorf("CreateCertReq() URIs got = %v, want = %v", got.URIs, tt.want.URIs)

return
}

if !reflect.DeepEqual(got.Version, tt.want.Version) {
t.Errorf("CreateCertReq() Version got = %v, want = %v", got.Version, tt.want.Version)

return
}
})
}
}

func TestCreateCertReqNegative(t *testing.T) {
type args struct {
opts *certificates.CertOptions
privateKey *rsa.PrivateKey
}

badCertOptions := certificates.CertOptions{
Bits: -1,
}
tests := []struct {
name string
args args
want *x509.CertificateRequest
wantErr error
}{
{
name: "Negative test for Common Name",
args: args{
opts: &badCertOptions,
privateKey: nil,
},
want: nil,
wantErr: fmt.Errorf("must provide CommonName"),
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
_, gotErr := certificates.CreateCertReq(tt.args.opts, tt.args.privateKey)
if gotErr == nil || gotErr.Error() != tt.wantErr.Error() {
t.Errorf("CreateCA() error = %v, wantErr = %v", gotErr, tt.wantErr)
}
})
}
}

0 comments on commit 9f05dd2

Please sign in to comment.