Skip to content

Commit

Permalink
debug TestRenewTLSConfigUpdatesRootOnUnknownAuthError
Browse files Browse the repository at this point in the history
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
  • Loading branch information
thaJeztah committed Jul 29, 2023
1 parent 7e5de38 commit f6a06c4
Showing 1 changed file with 23 additions and 0 deletions.
23 changes: 23 additions & 0 deletions ca/config_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ import (
"context"
"crypto/tls"
"crypto/x509"
"encoding/pem"
"net"
"os"
"path/filepath"
Expand Down Expand Up @@ -618,6 +619,24 @@ func TestSecurityConfigWatch(t *testing.T) {
require.NoError(t, ca.RenewTLSConfigNow(tc.Context, secConfig, tc.ConnBroker, tc.Paths.RootCA))
}

func printCert(t *testing.T, pemData []byte) {
t.Helper()

block, _ := pem.Decode(pemData)
cert, err := x509.ParseCertificate(block.Bytes)
if err != nil {
t.Error(err)
}

cert.RawSubject = nil
cert.Raw = nil
cert.RawIssuer = nil
cert.RawSubjectPublicKeyInfo = nil
cert.RawTBSCertificate = nil
cert.Signature = nil
t.Logf("%+v", cert)
}

// If we get an unknown authority error when trying to renew the TLS certificate, attempt to download the
// root certificate. If it validates against the current TLS credentials, it will be used to download
// new ones, (only if the new certificate indicates that it's a worker, though).
Expand All @@ -633,6 +652,8 @@ func TestRenewTLSConfigUpdatesRootOnUnknownAuthError(t *testing.T) {
for i := 0; i < 3; i++ {
certs[i], keys[i], err = cautils.CreateRootCertAndKey("CA" + strconv.Itoa(i))
require.NoError(t, err)
t.Log("CA"+strconv.Itoa(i), ":\n", string(certs[i]))
printCert(t, certs[i])
switch i {
case 0:
crossSigneds[i] = nil
Expand All @@ -641,6 +662,8 @@ func TestRenewTLSConfigUpdatesRootOnUnknownAuthError(t *testing.T) {
default:
crossSigneds[i], err = cas[i-1].CrossSignCACertificate(certs[i])
require.NoError(t, err)
t.Log("Intermediate"+strconv.Itoa(i), ":\n", string(crossSigneds[i]))
printCert(t, crossSigneds[i])
cas[i], err = ca.NewRootCA(certs[i-1], certs[i], keys[i], ca.DefaultNodeCertExpiration, crossSigneds[i])
require.NoError(t, err)
}
Expand Down

0 comments on commit f6a06c4

Please sign in to comment.