@@ -20,6 +20,7 @@ package libreswan_test
2020
2121import (
2222 "context"
23+ _ "embed"
2324 "maps"
2425 "os"
2526 "os/exec"
@@ -33,11 +34,39 @@ import (
3334 "github.com/submariner-io/submariner/pkg/cable/libreswan"
3435)
3536
37+ //go:generate openssl req -x509 -newkey rsa:4096 -keyout certs/ca.key -out certs/ca.crt -sha256 -days 3650 -nodes -subj "/C=XX/ST=State/L=City/O=Company/OU=Organisation/CN=CA"
38+ //go:embed certs/ca.crt
39+ var caCertContent []byte
40+
41+ //go:generate openssl req -new -newkey rsa:4096 -keyout certs/test.key -out certs/test.csr -nodes -subj "/C=XX/ST=State/L=City/O=Company/OU=Organisation/CN=test"
42+ //go:generate openssl x509 -req -in certs/test.csr -CA certs/ca.crt -CAkey certs/ca.key -CAcreateserial -out certs/test.crt -days 3650
43+ //go:embed certs/test.crt
44+ var testCertContent []byte
45+
46+ //go:embed certs/test.key
47+ var testKeyContent []byte
48+
49+ //go:generate openssl req -new -newkey rsa:4096 -keyout certs/mock.key -out certs/mock.csr -nodes -subj "/C=XX/ST=State/L=City/O=Company/OU=Organisation/CN=mock"
50+ //go:generate openssl x509 -req -in certs/mock.csr -CA certs/ca.crt -CAkey certs/ca.key -CAcreateserial -out certs/mock.crt -days 3650
51+ //go:embed certs/mock.crt
52+ var mockCertContent []byte
53+
54+ //go:embed certs/mock.key
55+ var mockKeyContent []byte
56+
57+ //go:generate openssl req -new -newkey rsa:4096 -keyout certs/new.key -out certs/new.csr -nodes -subj "/C=XX/ST=State/L=City/O=Company/OU=Organisation/CN=new"
58+ //go:generate openssl x509 -req -in certs/new.csr -CA certs/ca.crt -CAkey certs/ca.key -CAcreateserial -out certs/new.crt -days 3650
59+ //go:embed certs/new.crt
60+ var newCertContent []byte
61+
62+ //go:embed certs/new.key
63+ var newKeyContent []byte
64+
3665var _ = Describe ("CertificateHandler" , func () {
3766 certData := map [string ][]byte {
38- certificate .CADataKey : [] byte ( "-----BEGIN CERTIFICATE----- \n MOCK_CA_CERT \n -----END CERTIFICATE-----" ) ,
39- certificate .TLSDataKey : [] byte ( "-----BEGIN CERTIFICATE----- \n MOCK_CLIENT_CERT \n -----END CERTIFICATE-----" ) ,
40- certificate .PrivateKeyDataKey : [] byte ( "-----BEGIN PRIVATE KEY----- \n MOCK_CLIENT_KEY \n -----END PRIVATE KEY-----" ) ,
67+ certificate .CADataKey : caCertContent ,
68+ certificate .TLSDataKey : testCertContent ,
69+ certificate .PrivateKeyDataKey : testKeyContent ,
4170 }
4271
4372 var (
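Review bot: The embedded fixture block at lines 37–63 has no comment saying what these files are or how they are kept in sync, which matters because private keys (the CA's and three leaf keys) are now generated into the tree and every certificate is issued with `-days 3650`, so the suite acquires a silent expiry date. A header comment above the first `//go:generate`, such as `// Test-only PKI: a throwaway CA plus leaf cert/key pairs for the test, mock and new-cert scenarios. Regenerate with "go generate" (needs openssl); the keys are fixtures, not secrets, and the certs expire ~10 years after generation.`, would make that explicit. The directives also rely on file order, since the CA at line 37 must exist before the three `x509 -req` signings, and `-CAcreateserial` leaves a `certs/ca.srl` side file behind; both are worth stating in the same comment, and the serial file should be ignored if it is not meant to be checked in. The `-sha256` digest is only given to the CA request; the leaf signings use openssl's default, which is presumably fine but differs from the CA line.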
@@ -69,16 +98,15 @@ var _ = Describe("CertificateHandler", func() {
6998 cmdExecutor .AwaitCommand (ContainSubstring ("certutil" ), "-N" , "-d" , "sql:" + handler .NSSDatabaseDir ())
7099 assertCmdStdIn (cmdExecutor .AwaitCommand (ContainSubstring ("certutil" ), "-A" , libreswan .CACertName ,
71100 "-d" , "sql:" + handler .NSSDatabaseDir ()), certData [certificate .CADataKey ])
72- cmdExecutor .AwaitCommand (ContainSubstring ("openssl" ), "pkcs12" , "-export" , "-name" , libreswan .ClientCertName )
73101 cmdExecutor .AwaitCommand (ContainSubstring ("pk12util" ), "-d" , "sql:" + handler .NSSDatabaseDir ())
74102 cmdExecutor .Clear ()
75103
76104 By ("Invoking OnSignedCallback with new cert data" )
77105
78106 newCertData := map [string ][]byte {
79- certificate .CADataKey : [] byte ( "NEW_CA_CERT" ) ,
80- certificate .TLSDataKey : [] byte ( "NEW_CLIENT_CERT" ) ,
81- certificate .PrivateKeyDataKey : [] byte ( "NEW_CLIENT_KEY" ) ,
107+ certificate .CADataKey : caCertContent ,
108+ certificate .TLSDataKey : newCertContent ,
109+ certificate .PrivateKeyDataKey : newKeyContent ,
82110 }
83111 Expect (handler .OnSignedCallback (newCertData )).To (Succeed ())
84112
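Review bot: After this change the CA handed to OnSignedCallback no longer differs from the initial one: `newCertData` at line 107 uses `caCertContent`, the same value `certData` holds at line 67, whereas the replaced data used a distinct `NEW_CA_CERT`. The same applies at line 163 in the next hunk, where `newCertData[certificate.CADataKey] = caCertContent` assigns the value `maps.Clone(certData)` already contains, so that line is now a no-op. If a CA-change path is meant to be exercised, a second CA fixture generated the same way as `certs/ca.crt` should back at least one of these; otherwise the dead assignment at line 163 should be removed. Separately, dropping the `openssl pkcs12 -export` expectation at line 72 removes the assertion in this hunk that named `libreswan.ClientCertName`; if the export now happens in-process, an assertion on the `pk12util` invocation's input would keep that covered. The enclosing It block starts and ends outside this hunk.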
@@ -132,7 +160,7 @@ var _ = Describe("CertificateHandler", func() {
132160 Expect (err ).NotTo (HaveOccurred ())
133161
134162 newCertData := maps .Clone (certData )
135- newCertData [certificate .CADataKey ] = [] byte ( "NEW_CA_CERT" )
163+ newCertData [certificate .CADataKey ] = caCertContent
136164 Expect (handler .OnSignedCallback (newCertData )).To (Succeed ())
137165
138166 cmdExecutor .EnsureNoCommand (ContainSubstring ("certutil" ), "-N" )
@@ -159,9 +187,9 @@ func (m *mockSigningRequestor) Issue(_ context.Context, _ string, sanIPs []strin
159187 }
160188
161189 certData := map [string ][]byte {
162- certificate .TLSDataKey : [] byte ( "mock-tls-cert" ) ,
163- certificate .PrivateKeyDataKey : [] byte ( "mock-tls-key" ) ,
164- certificate .CADataKey : [] byte ( "mock-ca-cert" ) ,
190+ certificate .TLSDataKey : mockCertContent ,
191+ certificate .PrivateKeyDataKey : mockKeyContent ,
192+ certificate .CADataKey : caCertContent ,
165193 }
166194
167195 return onSigned (certData )
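Review bot: The mock's Issue still ignores its `sanIPs` parameter, and the certificate it now returns is a real one generated without any SAN extension (the `//go:generate` lines for `certs/mock.crt` pass no extension options), so any caller that inspects the issued certificate's SANs will see none. That was harmless with the old placeholder strings but is worth recording now that the fixture parses as a certificate: a comment such as `// mock.crt carries no SAN extension; sanIPs is intentionally ignored by this mock.` above the `certData` map at line 189 would make the limitation explicit. The Issue method's signature and body start outside this hunk.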