// Licensed to the Apache Software Foundation (ASF) under one or more
// contributor license agreements. See the NOTICE file distributed with
// this work for additional information regarding copyright ownership.
// The ASF licenses this file to You under the Apache License, Version 2.0
// (the "License"); you may not use this file except in compliance with
// the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package provider
import (
"bytes"
"crypto/ecdsa"
"encoding/pem"
"net/url"
"testing"
"github.com/apache/dubbo-kubernetes/pkg/core/endpoint"
"github.com/apache/dubbo-kubernetes/pkg/core/logger"
"github.com/stretchr/testify/assert"
)
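// TestCSR runs the CSR round trip: generate a CSR, load it, sign it with a
// freshly generated authority certificate, and check the URI SAN carried by
// the issued certificate for a well-formed and a malformed SPIFFE ID.
func TestCSR(t *testing.T) {
	t.Parallel()

	// Validity handed to both helpers. NOTE(review): the magnitude suggests one
	// year expressed in milliseconds; confirm against the helpers' signatures.
	const validity = 365 * 24 * 60 * 60 * 1000

	csr, privateKey, err := GenerateCSR()
	if err != nil {
		t.Fatal(err)
	}
	request, err := LoadCSR(csr)
	if err != nil {
		t.Fatal(err)
	}

	cert := GenerateAuthorityCert(nil, validity)

	// Case 1: a well-formed SPIFFE ID must end up as the only URI SAN.
	target, err := SignFromCSR(request, &endpoint.Endpoint{SpiffeID: "spiffe://cluster.local"}, cert, validity)
	if err != nil {
		t.Fatal(err)
	}
	certificate := DecodeCert(target)
	if certificate == nil {
		// certificate.URIs is read below; a nil result would panic instead of failing.
		t.Fatal("DecodeCert returned nil for the signed certificate")
	}
	check := &Cert{
		Cert:       certificate,
		PrivateKey: privateKey,
		CertPem:    target,
	}
	if !check.IsValid() {
		t.Fatal("Cert is not valid")
	}
	// Stop on a length mismatch: URIs[0] below would panic on an empty list and
	// hide the real failure behind an index-out-of-range trace.
	if len(certificate.URIs) != 1 {
		t.Fatalf("expected exactly one URI SAN, got %d", len(certificate.URIs))
	}
	assert.Equal(t, &url.URL{Scheme: "spiffe", Host: "cluster.local"}, certificate.URIs[0])

	// Case 2: the malformed SPIFFE ID "://". This pins the current contract:
	// signing does not fail, and the certificate is issued with no URI SAN at
	// all. Anything that authorises peers by SPIFFE URI therefore has to reject
	// a certificate whose URI SAN list is empty rather than accept it as valid.
	target, err = SignFromCSR(request, &endpoint.Endpoint{SpiffeID: "://"}, cert, validity)
	if err != nil {
		// target is meaningless on error; do not decode it.
		t.Fatal(err)
	}
	certificate = DecodeCert(target)
	if certificate == nil {
		t.Fatal("DecodeCert returned nil for the signed certificate")
	}
	check = &Cert{
		Cert:       certificate,
		PrivateKey: privateKey,
		CertPem:    target,
	}
	assert.True(t, check.IsValid())
	assert.Equal(t, 0, len(certificate.URIs))
}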
// TestDecodeCert checks that DecodeCert yields nil for input that is not a
// parseable PEM certificate and a non-nil result for a well-formed one.
func TestDecodeCert(t *testing.T) {
	t.Parallel()
	logger.Init()

	// Inputs that contain no PEM block at all.
	for _, raw := range []string{"", "123"} {
		if DecodeCert(raw) != nil {
			t.Fatal("DecodeCert should return nil")
		}
	}

	// Correct CERTIFICATE framing around a payload that is not a DER certificate:
	// the PEM layer succeeds, so this case reaches the certificate parser.
	var bogus bytes.Buffer
	encodeErr := pem.Encode(&bogus, &pem.Block{Type: "CERTIFICATE", Bytes: []byte("123")})
	assert.Nil(t, encodeErr)
	if DecodeCert(bogus.String()) != nil {
		t.Fatal("DecodeCert should return nil")
	}

	// Test CA fixture (CN=testca). Only parsing is asserted here, not trust or
	// validity. NOTE(review): the fixture's notAfter appears to be 2024-11-08, so
	// this case holds only while DecodeCert parses without checking the validity
	// window; confirm before adding expiry checks to DecodeCert.
	const wellFormed = "-----BEGIN CERTIFICATE-----\n" +
		"MIICSjCCAbOgAwIBAgIJAJHGGR4dGioHMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV\n" +
		"BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\n" +
		"aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMTBnRlc3RjYTAeFw0xNDExMTEyMjMxMjla\n" +
		"Fw0yNDExMDgyMjMxMjlaMFYxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0\n" +
		"YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDzANBgNVBAMT\n" +
		"BnRlc3RjYTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwEDfBV5MYdlHVHJ7\n" +
		"+L4nxrZy7mBfAVXpOc5vMYztssUI7mL2/iYujiIXM+weZYNTEpLdjyJdu7R5gGUu\n" +
		"g1jSVK/EPHfc74O7AyZU34PNIP4Sh33N+/A5YexrNgJlPY+E3GdVYi4ldWJjgkAd\n" +
		"Qah2PH5ACLrIIC6tRka9hcaBlIECAwEAAaMgMB4wDAYDVR0TBAUwAwEB/zAOBgNV\n" +
		"HQ8BAf8EBAMCAgQwDQYJKoZIhvcNAQELBQADgYEAHzC7jdYlzAVmddi/gdAeKPau\n" +
		"sPBG/C2HCWqHzpCUHcKuvMzDVkY/MP2o6JIW2DBbY64bO/FceExhjcykgaYtCH/m\n" +
		"oIU63+CFOTtR7otyQAWHqXa7q4SbCDlG7DyRFxqG0txPtGvy12lgldA2+RgcigQG\n" +
		"Dfcog5wrJytaQ6UA0wE=\n" +
		"-----END CERTIFICATE-----\n"
	if DecodeCert(wellFormed) == nil {
		t.Fatal("DecodeCert should not return nil")
	}
}
// TestDecodePrivateKey checks which PEM inputs DecodePrivateKey turns into a
// key: everything except the "EC PRIVATE KEY" block is expected to give nil.
// All key material below is fixture data used only by this test.
func TestDecodePrivateKey(t *testing.T) {
	t.Parallel()
	logger.Init()

	// A well-formed "PRIVATE KEY" (PKCS#8) block; its algorithm identifier is
	// rsaEncryption. The test pins that DecodePrivateKey does not accept it.
	// NOTE(review): whether the rejection comes from the PEM label or from the
	// key algorithm cannot be told from this test alone.
	const pkcs8Key = "-----BEGIN PRIVATE KEY-----\n" +
		"MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBAMBA3wVeTGHZR1Ry\n" +
		"e/i+J8a2cu5gXwFV6TnObzGM7bLFCO5i9v4mLo4iFzPsHmWDUxKS3Y8iXbu0eYBl\n" +
		"LoNY0lSvxDx33O+DuwMmVN+DzSD+Eod9zfvwOWHsazYCZT2PhNxnVWIuJXViY4JA\n" +
		"HUGodjx+QAi6yCAurUZGvYXGgZSBAgMBAAECgYAxRi8i9BlFlufGSBVoGmydbJOm\n" +
		"bwLKl9dP3o33ODSP9hok5y6A0w5plWk3AJSF1hPLleK9VcSKYGYnt0clmPVHF35g\n" +
		"bx2rVK8dOT0mn7rz9Zr70jcSz1ETA2QonHZ+Y+niLmcic9At6hRtWiewblUmyFQm\n" +
		"GwggIzi7LOyEUHrEcQJBAOXxyQvnLvtKzXiqcsW/K6rExqVJVk+KF0fzzVyMzTJx\n" +
		"HRBxUVgvGdEJT7j+7P2kcTyafve0BBzDSPIaDyiJ+Y0CQQDWCb7jASFSbu5M3Zcd\n" +
		"Gkr4ZKN1XO3VLQX10b22bQYdF45hrTN2tnzRvVUR4q86VVnXmiGiTqmLkXcA2WWf\n" +
		"pHfFAkAhv9olUBo6MeF0i3frBEMRfm41hk0PwZHnMqZ6pgPcGnQMnMU2rzsXzkkQ\n" +
		"OwJnvAIOxhJKovZTjmofdqmw5odlAkBYVUdRWjsNUTjJwj3GRf6gyq/nFMYWz3EB\n" +
		"RWFdM1ttkDYzu45ctO2IhfHg4sPceDMO1s6AtKQmNI9/azkUjITdAkApNa9yFRzc\n" +
		"TBaDNPd5KVd58LVIzoPQ6i7uMHteLXJUWqSroji6S3s4gKMFJ/dO+ZXIlgQgfJJJ\n" +
		"ZDL4cdrdkeoM\n" +
		"-----END PRIVATE KEY-----\n"

	// Checked in the same order as listed; the first unexpected key aborts the test.
	rejected := []string{
		// No PEM block at all.
		"",
		"123",
		// PEM framing around a body that is not a key.
		"-----BEGIN PRIVATE KEY-----\n" +
			"123\n" +
			"-----END PRIVATE KEY-----\n",
		pkcs8Key,
	}
	for _, pemText := range rejected {
		if DecodePrivateKey(pemText) != nil {
			t.Fatal("DecodePrivateKey should return nil")
		}
	}

	// The one accepted form in this test: an "EC PRIVATE KEY" block.
	const ecKey = "-----BEGIN EC PRIVATE KEY-----\n" +
		"MHcCAQEEIMS+Yc+9GMD0v7a2yz8EwEoF2vsM7d54aeV5jKjHGFzioAoGCCqGSM49\n" +
		"AwEHoUQDQgAEe6MTHP7f5BKtVMEswm59WTZXyDD7cAbPdeBDtljJRIl6yAYgBtFN\n" +
		"9RT54nIlNiPnH3P8DKyuvSE3jmsG3IHhcg==\n" +
		"-----END EC PRIVATE KEY-----\n"
	if DecodePrivateKey(ecKey) == nil {
		t.Fatal("DecodePrivateKey should not return nil")
	}
}
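// TestDecodePublicKey decodes a fixture EC private key and checks the PEM text
// EncodePublicKey produces for its public half, plus the result for an empty
// public key. The key material is fixture data used only by this test.
func TestDecodePublicKey(t *testing.T) {
	t.Parallel()

	key := DecodePrivateKey("-----BEGIN EC PRIVATE KEY-----\n" +
		"MHcCAQEEIIyys+L2OLSPvIjqbSJXkjbl6QtFysqhuHWsHwmfpADloAoGCCqGSM49\n" +
		"AwEHoUQDQgAE4/2iaB+J+yBSdwtbKtyymbOiEXwNPB3v8EYRJBahICOYZFbWz4MK\n" +
		"3eV88hF7Q91yec8SpAyG2HXVUTKBCh53wg==\n" +
		"-----END EC PRIVATE KEY-----")
	// Abort instead of merely recording a failure: &key.PublicKey below would
	// dereference a nil key and turn the failure into a panic.
	if key == nil {
		t.Fatal("DecodePrivateKey returned nil for a valid EC private key")
	}

	// NOTE(review): the expected payload looks like a SubjectPublicKeyInfo, whose
	// conventional PEM label is "PUBLIC KEY"; the "EC PUBLIC KEY" label pinned
	// here may not be accepted by other tooling. Confirm this is intended.
	assert.Equal(t, "-----BEGIN EC PUBLIC KEY-----\n"+
		"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE4/2iaB+J+yBSdwtbKtyymbOiEXwN\n"+
		"PB3v8EYRJBahICOYZFbWz4MK3eV88hF7Q91yec8SpAyG2HXVUTKBCh53wg==\n"+
		"-----END EC PUBLIC KEY-----\n", EncodePublicKey(&key.PublicKey))

	// An empty public key is reported as "" rather than as an error, so callers
	// have to treat an empty string as an encoding failure, not as a key.
	assert.Equal(t, "", EncodePublicKey(&ecdsa.PublicKey{}))
}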