package groxy
import (
"crypto/x509"
"os"
"path/filepath"
"testing"
"time"
)
// TestNewCA_CreatesValidCA checks that NewCA, given an explicit common name
// and validity period, returns a CA holding both a certificate and a private
// key, and that the certificate is flagged as a CA, carries the requested
// common name, and has the certificate-signing key usage bit set.
//
// NOTE(review): ValidFor is passed in but the certificate's NotBefore/NotAfter
// window is not asserted by this test.
func TestNewCA_CreatesValidCA(t *testing.T) {
	const wantCN = "Test Groxy CA"

	cfg := CAConfig{
		CommonName: wantCN,
		ValidFor:   time.Hour,
	}
	ca, err := NewCA(cfg)
	if err != nil {
		t.Fatalf("NewCA() error = %v", err)
	}

	// Cases are evaluated top to bottom and the first match ends the test,
	// so the nil checks guard the field accesses in the later cases.
	switch {
	case ca.cert == nil:
		t.Fatal("expected CA certificate")
	case ca.key == nil:
		t.Fatal("expected CA private key")
	case !ca.cert.IsCA:
		t.Fatal("expected generated certificate to be a CA")
	case ca.cert.Subject.CommonName != wantCN:
		t.Fatalf("common name = %q, want %q", ca.cert.Subject.CommonName, wantCN)
	case ca.cert.KeyUsage&x509.KeyUsageCertSign == 0:
		t.Fatal("expected generated CA to allow certificate signing")
	}
}
// TestNewCA_AppliesDefaults checks that a CA built from a zero-value CAConfig
// carries defaultCACommonName as its subject common name.
func TestNewCA_AppliesDefaults(t *testing.T) {
	var cfg CAConfig // zero value: every field left unset

	ca, err := NewCA(cfg)
	if err != nil {
		t.Fatalf("NewCA() error = %v", err)
	}

	got := ca.cert.Subject.CommonName
	if got == defaultCACommonName {
		return
	}
	t.Fatalf("common name = %q, want %q", got, defaultCACommonName)
}
// TestNewCA_RejectsNegativeValidFor checks that NewCA returns an error when
// CAConfig.ValidFor is negative, so that a certificate with an inverted
// validity window is never produced.
func TestNewCA_RejectsNegativeValidFor(t *testing.T) {
	cfg := CAConfig{ValidFor: -time.Second}

	_, err := NewCA(cfg)
	if err != nil {
		return
	}
	t.Fatal("expected error for negative validity duration, got nil")
}
// TestCA_WriteFilesAndLoadCAFiles round-trips a freshly generated CA through
// WriteFiles and LoadCAFiles inside a per-test temporary directory and checks
// that the reloaded certificate and key match the originals.
//
// NOTE(review): the permissions WriteFiles gives the key file are not
// asserted here; a mode check (no group/other access) would catch a CA
// private key that ends up readable by other local users.
func TestCA_WriteFilesAndLoadCAFiles(t *testing.T) {
	original, err := NewCA(CAConfig{CommonName: "Write Load Test CA"})
	if err != nil {
		t.Fatalf("NewCA() error = %v", err)
	}

	tmp := t.TempDir()
	certPath, keyPath := filepath.Join(tmp, "ca.pem"), filepath.Join(tmp, "ca-key.pem")

	if writeErr := original.WriteFiles(certPath, keyPath); writeErr != nil {
		t.Fatalf("WriteFiles() error = %v", writeErr)
	}

	reloaded, err := LoadCAFiles(certPath, keyPath)
	if err != nil {
		t.Fatalf("LoadCAFiles() error = %v", err)
	}

	if certsMatch := reloaded.cert.Equal(original.cert); !certsMatch {
		t.Fatal("loaded CA certificate does not match written certificate")
	}

	// Only the modulus N is compared; the remaining key fields are not
	// checked by this test.
	if sameModulus := reloaded.key.N.Cmp(original.key.N) == 0; !sameModulus {
		t.Fatal("loaded CA key does not match written key")
	}
}
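// TestLoadCAFiles_ReturnsErrorForInvalidCertificate verifies that LoadCAFiles
// returns an error when the certificate file does not contain PEM data.
//
// Two cases are covered. The first feeds malformed content for both the
// certificate and the key. The second pairs the malformed certificate with a
// key file produced by WriteFiles, so the expected error cannot be satisfied
// by key parsing alone: a loader that accepted a garbage certificate and only
// validated the key would pass the first case but fail the second.
func TestLoadCAFiles_ReturnsErrorForInvalidCertificate(t *testing.T) {
	garbage := []byte("not pem")

	t.Run("invalid certificate and key", func(t *testing.T) {
		dir := t.TempDir()
		certFile := filepath.Join(dir, "ca.pem")
		keyFile := filepath.Join(dir, "ca-key.pem")

		if err := os.WriteFile(certFile, garbage, 0644); err != nil {
			t.Fatalf("WriteFile() error = %v", err)
		}
		// Key material is written owner-only, even though it is garbage here.
		if err := os.WriteFile(keyFile, garbage, 0600); err != nil {
			t.Fatalf("WriteFile() error = %v", err)
		}

		if _, err := LoadCAFiles(certFile, keyFile); err == nil {
			t.Fatal("expected error for invalid certificate, got nil")
		}
	})

	t.Run("invalid certificate with valid key", func(t *testing.T) {
		ca, err := NewCA(CAConfig{})
		if err != nil {
			t.Fatalf("NewCA() error = %v", err)
		}

		dir := t.TempDir()
		certFile := filepath.Join(dir, "ca.pem")
		keyFile := filepath.Join(dir, "ca-key.pem")

		// WriteFiles supplies a well-formed key file; the certificate it
		// writes goes to a separate path that is never passed to LoadCAFiles.
		if err := ca.WriteFiles(filepath.Join(dir, "unused-ca.pem"), keyFile); err != nil {
			t.Fatalf("WriteFiles() error = %v", err)
		}
		if err := os.WriteFile(certFile, garbage, 0644); err != nil {
			t.Fatalf("WriteFile() error = %v", err)
		}

		if _, err := LoadCAFiles(certFile, keyFile); err == nil {
			t.Fatal("expected error for invalid certificate, got nil")
		}
	})
}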
// TestCA_WriteFilesRejectsNilCA checks that calling WriteFiles on a nil *CA
// reports an error. A panic on the nil receiver would also fail this test.
func TestCA_WriteFilesRejectsNilCA(t *testing.T) {
	nilCA := (*CA)(nil)

	err := nilCA.WriteFiles("ca.pem", "ca-key.pem")
	if err != nil {
		return
	}
	t.Fatal("expected error for nil CA, got nil")
}