func TestLoadSigner(t *testing.T) {
lca := &CA{}
certPEM, csrPEM, keyPEM, err := initca.New(ExampleRequest())
assert.NoErrorT(t, err)
_, err = lca.CACertificate()
assert.ErrorEqT(t, errNotSetup, err)
_, err = lca.SignCSR(csrPEM)
assert.ErrorEqT(t, errNotSetup, err)
lca.KeyFile, err = tempName()
assert.NoErrorT(t, err)
defer os.Remove(lca.KeyFile)
lca.CertFile, err = tempName()
assert.NoErrorT(t, err)
defer os.Remove(lca.CertFile)
err = ioutil.WriteFile(lca.KeyFile, keyPEM, 0644)
assert.NoErrorT(t, err)
err = ioutil.WriteFile(lca.CertFile, certPEM, 0644)
assert.NoErrorT(t, err)
err = Load(lca, ExampleSigningConfig())
assert.NoErrorT(t, err)
}
func TestNewSigner(t *testing.T) {
req := ExampleRequest()
lca, err := New(req, ExampleSigningConfig())
assert.NoErrorT(t, err)
csrPEM, _, err := csr.ParseRequest(testRequest)
assert.NoErrorT(t, err)
certPEM, err := lca.SignCSR(csrPEM)
assert.NoErrorT(t, err)
_, err = helpers.ParseCertificatePEM(certPEM)
assert.NoErrorT(t, err)
certPEM, err = lca.CACertificate()
assert.NoErrorT(t, err)
cert, err := helpers.ParseCertificatePEM(certPEM)
assert.NoErrorT(t, err)
assert.BoolT(t, cert.Subject.CommonName == req.CN,
"common names don't match")
lca.Toggle()
_, err = lca.SignCSR(csrPEM)
assert.ErrorEqT(t, errDisabled, err)
lca.Toggle()
_, err = lca.SignCSR(certPEM)
assert.ErrorT(t, err, "shouldn't be able to sign non-CSRs")
p := &pem.Block{
Type: "CERTIFICATE REQUEST",
Bytes: []byte(`¯\_(ツ)_/¯`),
}
junkCSR := pem.EncodeToMemory(p)
_, err = lca.SignCSR(junkCSR)
assert.ErrorT(t, err, "signing a junk CSR should fail")
t.Logf("error: %s", err)
}
