From 9f05dd25958cf7efe6cc038a5ac37c25339364ff Mon Sep 17 00:00:00 2001 From: Thom Carlin Date: Thu, 1 Feb 2024 17:14:11 -0500 Subject: [PATCH] Added certreq test --- pkg/certificates/ca_test.go | 219 ++++++++++++++++++++++++++++++++++++ 1 file changed, 219 insertions(+) diff --git a/pkg/certificates/ca_test.go b/pkg/certificates/ca_test.go index 67f9fc406..92423ce6f 100644 --- a/pkg/certificates/ca_test.go +++ b/pkg/certificates/ca_test.go @@ -6,6 +6,7 @@ package certificates_test import ( "crypto/rsa" "crypto/x509" + "crypto/x509/pkix" "encoding/pem" "fmt" "io" @@ -284,3 +285,221 @@ func TestCreateCANegative(t *testing.T) { }) } } + +func TestCreateCertReqValid(t *testing.T) { + type args struct { + opts *certificates.CertOptions + privateKey *rsa.PrivateKey + } + + goodCaTimeAfterString := "2032-01-07T00:03:51Z" + goodCaTimeAfter, err := time.Parse(time.RFC3339, goodCaTimeAfterString) + if err != nil { + t.Errorf("Error parsing time %s: %v", goodCaTimeAfterString, err) + } + + goodCaTimeBeforeString := "2022-01-07T00:03:51Z" + goodCaTimeBefore, err := time.Parse(time.RFC3339, goodCaTimeBeforeString) + if err != nil { + t.Errorf("Error parsing time %s: %v", goodCaTimeBeforeString, err) + } + + goodCertOptions := certificates.CertOptions{ + Bits: 4096, + CommonName: "Ansible Automation Controller Nodes Mesh", + NotAfter: goodCaTimeAfter, + NotBefore: goodCaTimeBefore, + } + + goodCertificateRequest := &x509.CertificateRequest{ + Attributes: nil, + DNSNames: nil, + EmailAddresses: nil, + Extensions: nil, + ExtraExtensions: nil, + IPAddresses: nil, + PublicKeyAlgorithm: x509.RSA, + SignatureAlgorithm: x509.SHA256WithRSA, + Subject: pkix.Name{ + CommonName: goodCertOptions.CommonName, + Country: nil, + ExtraNames: []pkix.AttributeTypeAndValue{}, + Locality: nil, + Names: []pkix.AttributeTypeAndValue{}, + Organization: nil, + OrganizationalUnit: nil, + PostalCode: nil, + Province: nil, + SerialNumber: "", + StreetAddress: nil, + }, + URIs: nil, + Version: 0, + } + + goodPrivateKeyBlock, _ := pem.Decode([]byte(`-----BEGIN RSA PRIVATE KEY----- +MIIJKAIBAAKCAgEAp17EU0yKFdjqoec7zSc0AWDmT6cZpys8C74HqKeOArJPvswE +b4OVyKZj20hFNj2N6TRry0x+pw+eP2XziEc0jdIqb33K6SbZKyezmKNYF+0TlzN9 +Md249inCf3DIDImTEC6j3oCobTByxs9E1/tDHyeY6k5aMFY0gMlISuqTLX9iEqR6 +jgOrr5i4VIZK7lK1JBzJ28FjE86zvEAzGnS71foYlmTWRWn+l7d5TQUWPsq17khu +2TnP+lLFg2+DVQCy9ZidCI30noiufEn/FR1GODBI8vFVtpXwEVP5nDZMa1GNQwTa +ec3BzIcKC5CyHfdD8hcs1zAwr2cR6xhMLWdt1AGGP8AL8NV1puVyQYi82i9dnUrb +h3mYLQFDrnEB7xDoJbz4pVOryn+TxXcaqChDsF7YC1E5cOKLZtm1seadiz5cZDwK +WwL+1GsYk23KbiDIfFk00pPxFIKchFI6YYjdLqp6dnx/TJsp/IYEgfyn+hYSGRZd +1TDTesfFU5Ki5M1RvFHePIBR362lUF72i3Awwi8U3nWuk4erk8Nswonwc121sWSo +5Yp8fDBDP5CANcHv8JcLGMKUDYZGzqK0d3iehMXZdQK/Jd4x6dvd4Qr8VDbsxuWf +aDwzEOjEpvMcawTdqWGTS9wwlmidJ47jY2HjUe5e7PvYm1+UQ/rgEoguoTsCAwEA +AQKCAgApCj3Nxyjc7pGqHY82YPSJmf8fbPQHX7ybjH9IRb22v456VICJ75Qc3WAC +9xexkypnEqmT8i/kOxospY0vz3X9iJlLOWc2AIaj5FpPhU4mn8V7/+4k+h9OjTLa +GQeUu29KOoWIG7gw/f5G7bAN3di5nPYMDiZjT+AT7EdDx31LXL7pn1dF13ST3Djm +0P8yrSkpr713m1X2F2tPL9bYF+OvNmItDpDT+IerIBwoXKT1xLMTuMMllN2Anic8 +cW2cvE0ll8R5woVHEnDmnSZlQQZk5MIegDrqSJ3TQeok+dOHRToEQv5ne6KXyk0W +RObIHkeU50XhhjmJ6RYltZGIWKI/QohWBECINhjmBxqGKBz5ultIOmeLPd5IlC+Y +ow+zQk8WuYaUIX2PAzhFnhRfxUsv2Zoljt2J4YC3oKsB9cynrhonozvwEJy9MJJF +a48+meJ6Wkm6LtcREPgbjFtfhrPKQlD+/kfHR6mxhjR977lgZAvrGhlBTZPKx/MF +r0ZOP34+Cw2ZDrHO1L7GQVEjY0JM2B6lCEYtI8Mxy04gqa+kRIjL+04WhjT1w2Lk +71tOBNNB2AqxK+aptqxLG2By4mlW7WliGZI0j/6caXkg02olL/WqeBWTKSoUXLd6 +LD523A02VHQgBDhTdIjezKI1FpAVKCXdHuwgqSWPQiQx6FkdAQKCAQEA1YinOp0U +1/9nq5f9Oet5uOLLGNG5lpzvCY9tPk9gWjTlAes5aQ8Pftg+P6dGgAsVqGxT2NvS +uNSqYIBdm7Uy7jUG9m6PjQeQ7+oQ1vJqbryqr4QDwnAtHdWFfXak17YZs9YuhesP +l5h4Oxi43Q2tZalMUY/rAmn+URqI5jlSWYiH6D9p2j9mEzvFrPQLvsbDb6zbxlAv +8oaqOiOrQa+q3T+loeRX0ErN9qf84Vw7tc7Qp5a4siWyWIHKGHHVveB+ITcHJ2+7 +KJf7saRAjcRyHxX3tsPyRVSfg37nIMoPHilnN8bbhgBs0eMq1zcQgEYVceWx4pcZ +GonabS85TBsqwQKCAQEAyKfZoot+oOOfWXMVBD761o4msd3fxRJlyS9RsPzRx7VO +rQNTw9fCmurcFnF444fCfnEVJ/bCh/rWETyt1wVQhuy+th16hq4NEwGOD87WBXCn +b3K8ZNbFDB9WL30q7bLe9UBw4j1ciHGKqpkjEACBrrdBF3HxVjBCQiHUKci3KK7E +j6rtmR97UJj3XtTU0XiFm2FNKRa+aw0OQ3rr5Bw9ZURd9aXoDCXUMoXgfFnUxLWd +y8Mdh5/PWmf8/o7/WqWpwejRJqfcGR1576QJXZjbduXG5zviDjwe5VKjgH5XRe8x +ytCa5Z6APGWA4hhuZYfERcCsirEPO4ruew+iE0c2+wKCAQAA7o28Rb83ihfLuegS +/qITWnoEa7XhoGGyqvuREAudmSl+rqYbfUNWDF+JK5O1L1cy2vYqthrfT55GuYiv +C0VjoLudC7J4rRXG1kCoj3pDbXNZPLw/dvnbbXkdqQzjHBpUnJSrZPE2eiXcLCly +XYLqNKjumjAuXIQNmo4KYymm1l+xdcVifHBXmSUtsgrzFC76J8j1vpfW+Rt5EXrH +2JpoSMTSRgrUD9+COg1ydlKUYoiqko/PxzZWCIr3PFfwcjBauMDBPU2VycQBbHQT +qk3NMO1Z0NUX1Fy12DHuBLO4L/oRVj7TAOF4sQMY2VarGKMzUgtKr9oeMYfQfipD +2MKBAoIBAQCyCFuNYP+FePDVyMoI7mhZHd8vSZFVpbEyBA4TXv4yl6eq0pzr0vAT +y/Zi42NDXh0vWt5Oix6mz+RHfvMvKMP+MugzZYxlGuD20BZf6ED0qrOkqsSFJBnJ +W7R4hjIknOQ97mM6GP+VAEjsfNsjQ4/MmUPjrXFX65GeY61/NVtteUNlxV7y0X/0 +TwSM24HIKYtCBd8Uad2h1f+l19acmoHO7A4B+qYcwSO5gBdhvcKOliXfuMrmnuC3 +cjSDGBVxNDOenReVmLIshn6+JWk55noy0ETevb8gqi8vgVcYlwCQSF6BeP02Zp+Y +9uaXtN2esAtxaDavB9JgHjDid0hymmkpAoIBABmtcLim8rEIo82NERAUvVHR7MxR +hXKx9g3bm1O0w7kJ16jyf5uyJ85JNi1XF2/AomSNWH6ikHuX5Xj6vOdL4Ki9jPDq +TOlmvys2LtCAMOM3e3NvzIfTnrQEurGusCQKxCbnlRk2W13j3uc2gVFgB3T1+w2H +lSEhzuFpDrxKrsE9QcCf7/Cju+2ir9h3FsPDRKoxfRJ2/onsgQ/Q7NODRRQGjwxw +P/Hli/j17jC7TdgC26JhtVHH7K5xC6iNL03Pf3GTSvwN1vK1BY2reoz1FtQrGZvM +rydzkVNNVeMVX2TER9yc8AdFqkRlaBWHmO61rYmV+N1quLM0uMVsu55ZNCY= +-----END RSA PRIVATE KEY-----`)) + + goodPrivateKey, err := x509.ParsePKCS1PrivateKey(goodPrivateKeyBlock.Bytes) + if err != nil { + t.Errorf("Error parsing Private Key: %v", err) + } + + tests := []struct { + name string + args args + want *x509.CertificateRequest + wantErr bool + }{ + { + name: "Positive test", + args: args{ + opts: &goodCertOptions, + privateKey: goodPrivateKey, + }, + want: goodCertificateRequest, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + got, err := certificates.CreateCertReq(tt.args.opts, tt.args.privateKey) + if (err != nil) != tt.wantErr { + t.Errorf("CreateCertReq() error = %v, wantErr %v", err, tt.wantErr) + + return + } + + if !reflect.DeepEqual(got.DNSNames, tt.want.DNSNames) { + t.Errorf("CreateCertReq() DNSNames got = %v, want = %v", got.DNSNames, tt.want.DNSNames) + + return + } + + if !reflect.DeepEqual(got.EmailAddresses, tt.want.EmailAddresses) { + t.Errorf("CreateCertReq() EmailAddresses got = %v, want = %v", got.EmailAddresses, tt.want.EmailAddresses) + + return + } + + if !reflect.DeepEqual(got.ExtraExtensions, tt.want.ExtraExtensions) { + t.Errorf("CreateCertReq() ExtraExtensions got = %v, want = %v", got.ExtraExtensions, tt.want.ExtraExtensions) + + return + } + + if !reflect.DeepEqual(got.IPAddresses, tt.want.IPAddresses) { + t.Errorf("CreateCertReq() IPAddresses got = %v, want = %v", got.IPAddresses, tt.want.IPAddresses) + + return + } + + if !reflect.DeepEqual(got.PublicKeyAlgorithm, tt.want.PublicKeyAlgorithm) { + t.Errorf("CreateCertReq() PublicKeyAlgorithm = %v, want = %v", got.PublicKeyAlgorithm, tt.want.PublicKeyAlgorithm) + + return + } + + if !reflect.DeepEqual(got.SignatureAlgorithm, tt.want.SignatureAlgorithm) { + t.Errorf("CreateCertReq() SignatureAlgorithm got = %v, want = %v", got.SignatureAlgorithm, tt.want.SignatureAlgorithm) + + return + } + + if !reflect.DeepEqual(got.URIs, tt.want.URIs) { + t.Errorf("CreateCertReq() URIs got = %v, want = %v", got.URIs, tt.want.URIs) + + return + } + + if !reflect.DeepEqual(got.Version, tt.want.Version) { + t.Errorf("CreateCertReq() Version got = %v, want = %v", got.Version, tt.want.Version) + + return + } + }) + } +} + +func TestCreateCertReqNegative(t *testing.T) { + type args struct { + opts *certificates.CertOptions + privateKey *rsa.PrivateKey + } + + badCertOptions := certificates.CertOptions{ + Bits: -1, + } + tests := []struct { + name string + args args + want *x509.CertificateRequest + wantErr error + }{ + { + name: "Negative test for Common Name", + args: args{ + opts: &badCertOptions, + privateKey: nil, + }, + want: nil, + wantErr: fmt.Errorf("must provide CommonName"), + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + _, gotErr := certificates.CreateCertReq(tt.args.opts, tt.args.privateKey) + if gotErr == nil || gotErr.Error() != tt.wantErr.Error() { + t.Errorf("CreateCA() error = %v, wantErr = %v", gotErr, tt.wantErr) + } + }) + } +}