Google Git
Sign in
apache / yunikorn-k8shim / a4b794ce4297cd5349aa2a7f552633e947908aab / . / pkg / pki / certs_test.go
blob: 2b62aeb4d87a2e01fdc4718be1a90315f935589a [file] [log] [blame]
/*
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package pki
import (
"crypto/x509"
"testing"
"time"
"gotest.tools/assert"
)
func TestCreateCACertificate(t *testing.T) {
cert, privateKey, err := GenerateCACertificate(time.Now().AddDate(1, 0, 0))
assert.NilError(t, err, "generate certificate failed")
assert.Assert(t, privateKey.PublicKey.Equal(cert.PublicKey), "public keys do not match")
err = cert.CheckSignatureFrom(cert)
assert.NilError(t, err, "signature check failed")
}
func TestCreateServerCertificate(t *testing.T) {
caCert, caPrivateKey, err := GenerateCACertificate(time.Now().AddDate(1, 0, 0))
assert.NilError(t, err, "generate ca certificate failed")
cert, privateKey, err := GenerateServerCertificate("example.com", []string{"example.com", "www.example.com"}, caCert, caPrivateKey)
assert.NilError(t, err, "generate server certificate failed")
assert.Assert(t, privateKey.PublicKey.Equal(cert.PublicKey), "public keys do not match")
err = cert.CheckSignatureFrom(caCert)
assert.NilError(t, err, "signature check failed")
}
func TestEncodeCertificatePem(t *testing.T) {
cert, _, err := GenerateCACertificate(time.Now().AddDate(1, 0, 0))
assert.NilError(t, err, "generate certificate failed")
certPem, err := EncodeCertificatePem(cert)
assert.NilError(t, err, "encode certificate failed")
cert2, err := DecodeCertificatePem(certPem)
assert.NilError(t, err, "decode certificate failed")
assert.Equal(t, cert.SerialNumber.Int64(), cert2.SerialNumber.Int64(), "wrong serial number")
}
func TestEncodePrivateKeyPem(t *testing.T) {
_, privateKey, err := GenerateCACertificate(time.Now().AddDate(1, 0, 0))
assert.NilError(t, err, "generate certificate failed")
pkPem, err := EncodePrivateKeyPem(privateKey)
assert.NilError(t, err, "encode private key failed")
privateKey2, err := DecodePrivateKeyPem(pkPem)
assert.NilError(t, err, "decode private key failed")
assert.Assert(t, privateKey.Equal(privateKey2), "private keys do not match")
}
func TestEncodeCertChainPem(t *testing.T) {
cert1, _, err := GenerateCACertificate(time.Now().AddDate(1, 0, 0))
assert.NilError(t, err, "generate ca certificate 1 failed")
cert2, _, err := GenerateCACertificate(time.Now().AddDate(1, 0, 0))
assert.NilError(t, err, "generate ca certificate 2 failed")
certsPem, err := EncodeCertChainPem([]*x509.Certificate{cert1, cert2})
assert.NilError(t, err, "encode ca bundle failed")
certs, err := DecodeCertChainPem(certsPem)
assert.NilError(t, err, "decode ca bundle failed")
assert.Equal(t, 2, len(certs), "Wrong length")
assert.Equal(t, certs[0].SerialNumber.Int64(), cert1.SerialNumber.Int64(), "ca certificate 1 mismatch")
assert.Equal(t, certs[1].SerialNumber.Int64(), cert2.SerialNumber.Int64(), "ca certificate 2 mismatch")
}