Esempio n. 1
0
func (s *bootstrapSuite) TestBootstrapFuncKeyGeneration(c *C) {
	env := newEnviron("foo", nil, nil)
	var savedCert, savedKey []byte
	err := environs.Bootstrap(env, false, func(name string, cert, key []byte) error {
		savedCert = cert
		savedKey = key
		return nil
	})
	c.Assert(err, IsNil)
	c.Assert(env.bootstrapCount, Equals, 1)
	_, _, err = cert.ParseCertAndKey(env.certPEM, env.keyPEM)
	c.Assert(err, IsNil)

	// Check that the cert and key have been set correctly in the configuration
	cfgCertPEM, cfgCertOK := env.cfg.CACert()
	cfgKeyPEM, cfgKeyOK := env.cfg.CAPrivateKey()
	c.Assert(cfgCertOK, Equals, true)
	c.Assert(cfgKeyOK, Equals, true)
	c.Assert(cfgCertPEM, DeepEquals, savedCert)
	c.Assert(cfgKeyPEM, DeepEquals, savedKey)

	caCert, _, err := cert.ParseCertAndKey(cfgCertPEM, cfgKeyPEM)
	c.Assert(err, IsNil)
	c.Assert(caCert.Subject.CommonName, Equals, `juju-generated CA for environment foo`)

	verifyCert(c, env.certPEM, cfgCertPEM)
}
Esempio n. 2
0
func (s *bootstrapSuite) TestBootstrapKeyGeneration(c *C) {
	env := newEnviron("foo", nil, nil)
	err := environs.Bootstrap(env, false, nil)
	c.Assert(err, IsNil)
	c.Assert(env.bootstrapCount, Equals, 1)
	_, _, err = cert.ParseCertAndKey(env.certPEM, env.keyPEM)
	c.Assert(err, IsNil)

	// Check that the generated CA key has been written correctly.
	caCertPEM, err := ioutil.ReadFile(filepath.Join(os.Getenv("HOME"), ".juju", "foo-cert.pem"))
	c.Assert(err, IsNil)
	caKeyPEM, err := ioutil.ReadFile(filepath.Join(os.Getenv("HOME"), ".juju", "foo-private-key.pem"))
	c.Assert(err, IsNil)

	// Check that the cert and key have been set correctly in the configuration
	cfgCertPEM, cfgCertOK := env.cfg.CACert()
	cfgKeyPEM, cfgKeyOK := env.cfg.CAPrivateKey()
	c.Assert(cfgCertOK, Equals, true)
	c.Assert(cfgKeyOK, Equals, true)
	c.Assert(cfgCertPEM, DeepEquals, caCertPEM)
	c.Assert(cfgKeyPEM, DeepEquals, caKeyPEM)

	caCert, _, err := cert.ParseCertAndKey(cfgCertPEM, cfgKeyPEM)
	c.Assert(err, IsNil)
	c.Assert(caCert.Subject.CommonName, Equals, `juju-generated CA for environment foo`)

	verifyCert(c, env.certPEM, caCertPEM)
}
Esempio n. 3
0
func mustParseCertAndKey(certPEM, keyPEM []byte) (*x509.Certificate, *rsa.PrivateKey) {
	cert, key, err := cert.ParseCertAndKey(certPEM, keyPEM)
	if err != nil {
		panic(err)
	}
	return cert, key
}
Esempio n. 4
0
func (*EnvironsCertSuite) TestGenerateCertificate(c *C) {
	defer testing.MakeSampleHome(c).Restore()
	env, err := NewFromName(testing.SampleEnvName)
	c.Assert(err, IsNil)

	var savedCerts testCerts
	writeFunc := func(name string, cert, key []byte) error {
		savedCerts.cert = cert
		savedCerts.key = key
		return nil
	}
	generateCertificate(env, writeFunc)

	// Check that the cert and key have been set correctly in the configuration
	cfgCertPEM, cfgCertOK := env.Config().CACert()
	cfgKeyPEM, cfgKeyOK := env.Config().CAPrivateKey()
	c.Assert(cfgCertOK, Equals, true)
	c.Assert(cfgKeyOK, Equals, true)
	c.Assert(cfgCertPEM, DeepEquals, savedCerts.cert)
	c.Assert(cfgKeyPEM, DeepEquals, savedCerts.key)

	// Check the common name of the generated cert
	caCert, _, err := cert.ParseCertAndKey(cfgCertPEM, cfgKeyPEM)
	c.Assert(err, IsNil)
	c.Assert(caCert.Subject.CommonName, Equals, `juju-generated CA for environment `+testing.SampleEnvName)
}
Esempio n. 5
0
func (certSuite) TestParseCertAndKey(c *C) {
	xcert, key, err := cert.ParseCertAndKey(caCertPEM, caKeyPEM)
	c.Assert(err, IsNil)
	c.Assert(xcert.Subject.CommonName, Equals, "juju testing")
	c.Assert(key, NotNil)

	c.Assert(xcert.PublicKey.(*rsa.PublicKey), DeepEquals, &key.PublicKey)
}
Esempio n. 6
0
func (certSuite) TestNewServer(c *C) {
	expiry := roundTime(time.Now().AddDate(1, 0, 0))
	caCertPEM, caKeyPEM, err := cert.NewCA("foo", expiry)
	c.Assert(err, IsNil)

	caCert, _, err := cert.ParseCertAndKey(caCertPEM, caKeyPEM)
	c.Assert(err, IsNil)

	srvCertPEM, srvKeyPEM, err := cert.NewServer("juju test", caCertPEM, caKeyPEM, expiry)
	c.Assert(err, IsNil)

	srvCert, srvKey, err := cert.ParseCertAndKey(srvCertPEM, srvKeyPEM)
	c.Assert(err, IsNil)
	c.Assert(err, IsNil)
	c.Assert(srvCert.Subject.CommonName, Equals, "*")
	c.Assert(srvCert.NotAfter.Equal(expiry), Equals, true)
	c.Assert(srvCert.BasicConstraintsValid, Equals, false)
	c.Assert(srvCert.IsCA, Equals, false)

	checkTLSConnection(c, caCert, srvCert, srvKey)
}
Esempio n. 7
0
func (*ConfigSuite) TestGenerateStateServerCertAndKey(c *gc.C) {
	// In order to test missing certs, it checks the JUJU_HOME dir, so we need
	// a fake home.
	defer testing.MakeFakeHomeWithFiles(c, []testing.TestFile{
		{".ssh/id_rsa.pub", "rsa\n"},
	}).Restore()

	for _, test := range []struct {
		configValues map[string]interface{}
		errMatch     string
	}{{
		configValues: map[string]interface{}{
			"name": "test-no-certs",
			"type": "dummy",
		},
		errMatch: "environment configuration has no ca-cert",
	}, {
		configValues: map[string]interface{}{
			"name":    "test-no-certs",
			"type":    "dummy",
			"ca-cert": testing.CACert,
		},
		errMatch: "environment configuration has no ca-private-key",
	}, {
		configValues: map[string]interface{}{
			"name":           "test-no-certs",
			"type":           "dummy",
			"ca-cert":        testing.CACert,
			"ca-private-key": testing.CAKey,
		},
	}} {
		cfg, err := config.New(test.configValues)
		c.Assert(err, gc.IsNil)
		certPEM, keyPEM, err := cfg.GenerateStateServerCertAndKey()
		if test.errMatch == "" {
			c.Assert(err, gc.IsNil)

			_, _, err = cert.ParseCertAndKey(certPEM, keyPEM)
			c.Check(err, gc.IsNil)

			err = cert.Verify(certPEM, []byte(testing.CACert), time.Now())
			c.Assert(err, gc.IsNil)
			err = cert.Verify(certPEM, []byte(testing.CACert), time.Now().AddDate(9, 0, 0))
			c.Assert(err, gc.IsNil)
			err = cert.Verify(certPEM, []byte(testing.CACert), time.Now().AddDate(10, 0, 1))
			c.Assert(err, gc.NotNil)
		} else {
			c.Assert(err, gc.ErrorMatches, test.errMatch)
			c.Assert(certPEM, gc.IsNil)
			c.Assert(keyPEM, gc.IsNil)
		}
	}
}
Esempio n. 8
0
func (certSuite) TestNewCA(c *C) {
	expiry := roundTime(time.Now().AddDate(0, 0, 1))
	caCertPEM, caKeyPEM, err := cert.NewCA("foo", expiry)
	c.Assert(err, IsNil)

	caCert, caKey, err := cert.ParseCertAndKey(caCertPEM, caKeyPEM)
	c.Assert(err, IsNil)

	c.Assert(caKey, FitsTypeOf, (*rsa.PrivateKey)(nil))
	c.Assert(caCert.Subject.CommonName, Equals, `juju-generated CA for environment "foo"`)
	c.Assert(caCert.NotAfter.Equal(expiry), Equals, true)
	c.Assert(caCert.BasicConstraintsValid, Equals, true)
	c.Assert(caCert.IsCA, Equals, true)
	//c.Assert(caCert.MaxPathLen, Equals, 0)	TODO it ends up as -1 - check that this is ok.
}
Esempio n. 9
0
func (s *CloudInitSuite) TestFinishBootstrapConfig(c *C) {
	cfg, err := config.New(map[string]interface{}{
		"name":            "barbara",
		"type":            "dummy",
		"admin-secret":    "lisboan-pork",
		"authorized-keys": "we-are-the-keys",
		"agent-version":   "1.2.3",
		"ca-cert":         testing.CACert,
		"ca-private-key":  testing.CAKey,
		"state-server":    false,
		"secret":          "british-horse",
	})
	c.Assert(err, IsNil)
	oldAttrs := cfg.AllAttrs()
	mcfg := &cloudinit.MachineConfig{
		StateServer: true,
	}
	cons := constraints.MustParse("mem=1T cpu-power=999999999")
	err = environs.FinishMachineConfig(mcfg, cfg, cons)
	c.Check(err, IsNil)
	c.Check(mcfg.AuthorizedKeys, Equals, "we-are-the-keys")
	password := utils.PasswordHash("lisboan-pork")
	c.Check(mcfg.APIInfo, DeepEquals, &api.Info{
		Password: password, CACert: []byte(testing.CACert),
	})
	c.Check(mcfg.StateInfo, DeepEquals, &state.Info{
		Password: password, CACert: []byte(testing.CACert),
	})
	c.Check(mcfg.StatePort, Equals, cfg.StatePort())
	c.Check(mcfg.APIPort, Equals, cfg.APIPort())
	c.Check(mcfg.Constraints, DeepEquals, cons)

	oldAttrs["ca-private-key"] = ""
	oldAttrs["admin-secret"] = ""
	delete(oldAttrs, "secret")
	c.Check(mcfg.Config.AllAttrs(), DeepEquals, oldAttrs)
	srvCertPEM := mcfg.StateServerCert
	srvKeyPEM := mcfg.StateServerKey
	_, _, err = cert.ParseCertAndKey(srvCertPEM, srvKeyPEM)
	c.Check(err, IsNil)

	err = cert.Verify(srvCertPEM, []byte(testing.CACert), time.Now())
	c.Assert(err, IsNil)
	err = cert.Verify(srvCertPEM, []byte(testing.CACert), time.Now().AddDate(9, 0, 0))
	c.Assert(err, IsNil)
	err = cert.Verify(srvCertPEM, []byte(testing.CACert), time.Now().AddDate(10, 0, 1))
	c.Assert(err, NotNil)
}