コード例 #1
ファイル: cert_test.go プロジェクト: juju/utils
// TestParseCertAndKey checks that the caCertPEM/caKeyPEM pair (defined
// elsewhere in the package) parses cleanly and that the certificate and the
// private key belong together.
func (certSuite) TestParseCertAndKey(c *gc.C) {
	parsedCert, parsedKey, err := cert.ParseCertAndKey(caCertPEM, caKeyPEM)
	c.Assert(err, jc.ErrorIsNil)
	c.Assert(parsedCert.Subject.CommonName, gc.Equals, `juju-generated CA for model "juju testing"`)
	c.Assert(parsedKey, gc.NotNil)

	// The public key embedded in the certificate must be the public half of
	// the parsed private key; a mismatched pair would otherwise go unnoticed.
	// The type assertion is unchecked, so a non-RSA certificate panics here
	// instead of producing an assertion failure.
	certPub := parsedCert.PublicKey.(*rsa.PublicKey)
	c.Assert(certPub, gc.DeepEquals, &parsedKey.PublicKey)
}
コード例 #2
ファイル: cert_test.go プロジェクト: juju/utils
// checkCertificate parses the server certificate/key PEM pair and asserts the
// properties expected of a leaf server certificate: wildcard common name,
// validity window (via checkNotBefore/checkNotAfter), no CA capability,
// server-auth-only extended key usage and a non-zero serial number. It ends
// by handing the CA certificate and the parsed pair to checkTLSConnection.
func checkCertificate(c *gc.C, caCert *x509.Certificate, srvCertPEM, srvKeyPEM string, now, expiry time.Time) {
	leaf, leafKey, err := cert.ParseCertAndKey(srvCertPEM, srvKeyPEM)
	c.Assert(err, jc.ErrorIsNil)
	c.Assert(leaf.Subject.CommonName, gc.Equals, "*")
	checkNotBefore(c, leaf, now)
	checkNotAfter(c, leaf, expiry)

	// A server certificate must not be usable as a CA.
	c.Assert(leaf.BasicConstraintsValid, jc.IsFalse)
	c.Assert(leaf.IsCA, jc.IsFalse)

	// Exactly one extended key usage is accepted: TLS server authentication.
	wantUsage := []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	c.Assert(leaf.ExtKeyUsage, gc.DeepEquals, wantUsage)

	// The serial number has to be present and different from zero.
	c.Assert(leaf.SerialNumber, gc.NotNil)
	zero := big.NewInt(0)
	if leaf.SerialNumber.Cmp(zero) == 0 {
		c.Fatalf("zero serial number")
	}

	checkTLSConnection(c, caCert, leaf, leafKey)
}
コード例 #3
ファイル: cert_test.go プロジェクト: juju/utils
// TestNewCA generates a CA with cert.NewCA, parses the result back and checks
// the key type, subject common name, validity window and CA basic constraints.
func (certSuite) TestNewCA(c *gc.C) {
	// Capture the time before generation so checkNotBefore compares against a
	// moment that precedes the certificate's creation.
	now := time.Now()
	expiry := roundTime(now.AddDate(0, 0, 1))

	commonName := fmt.Sprintf("juju-generated CA for model %s", "foo")
	certPEM, keyPEM, err := cert.NewCA(commonName, "1", expiry, 0)
	c.Assert(err, jc.ErrorIsNil)

	parsedCert, parsedKey, err := cert.ParseCertAndKey(certPEM, keyPEM)
	c.Assert(err, jc.ErrorIsNil)

	c.Check(parsedKey, gc.FitsTypeOf, (*rsa.PrivateKey)(nil))
	c.Check(parsedCert.Subject.CommonName, gc.Equals, `juju-generated CA for model foo`)
	checkNotBefore(c, parsedCert, now)
	checkNotAfter(c, parsedCert, expiry)
	c.Check(parsedCert.BasicConstraintsValid, jc.IsTrue)
	c.Check(parsedCert.IsCA, jc.IsTrue)

	// TODO: the assertion below is disabled because MaxPathLen ends up as -1.
	// In crypto/x509 a parsed MaxPathLen of -1 means the certificate carries
	// no pathLenConstraint, i.e. the depth of subordinate CAs below this CA is
	// not limited. Decide whether that is intended before re-enabling it.
	// c.Assert(parsedCert.MaxPathLen, Equals, 0)
}
コード例 #4
ファイル: cert_test.go プロジェクト: juju/utils
// TestNewClientCertRSASize generates a client certificate for every key size
// in rsaByteSizes and checks the subject, key type, X.509 version, the UPN
// subject-alternative-name extension, the client-auth key usage and the
// validity window of each one.
func (certSuite) TestNewClientCertRSASize(c *gc.C) {
	for _, keySize := range rsaByteSizes {
		// Taken before generation so checkNotBefore compares against a
		// moment that precedes the certificate's creation.
		now := time.Now()
		expiry := roundTime(now.AddDate(0, 0, 1))

		commonName := fmt.Sprintf("juju-generated CA for model %s", "foo")
		certPEM, keyPEM, err := cert.NewClientCert(commonName, "1", expiry, keySize)
		c.Assert(err, jc.ErrorIsNil)
		c.Assert(certPEM, gc.NotNil)
		c.Assert(keyPEM, gc.NotNil)

		clientCert, clientKey, err := cert.ParseCertAndKey(certPEM, keyPEM)
		c.Assert(err, jc.ErrorIsNil)

		subject := clientCert.Subject
		c.Check(subject.CommonName, gc.Equals, "juju-generated CA for model foo")
		c.Check(subject.Organization, gc.DeepEquals, []string{"juju"})
		c.Check(subject.SerialNumber, gc.DeepEquals, "1")

		c.Check(clientKey, gc.FitsTypeOf, (*rsa.PrivateKey)(nil))
		c.Check(clientCert.Version, gc.Equals, 3)

		upnValue, err := cert.CertGetUPNExtenstionValue(clientCert.Subject)
		c.Assert(err, jc.ErrorIsNil)
		c.Assert(upnValue, gc.Not(gc.IsNil))

		// Index 4 is positional: this assertion depends on the order in which
		// the certificate's extensions are encoded, so adding or reordering
		// extensions in the generator changes which entry is compared.
		wantSAN := pkix.Extension{
			Id:       cert.CertSubjAltName,
			Value:    upnValue,
			Critical: false,
		}
		c.Assert(clientCert.Extensions[4], jc.DeepEquals, wantSAN)
		c.Assert(clientCert.PublicKeyAlgorithm, gc.Equals, x509.RSA)

		// Only the first extended key usage is compared; any further usages
		// on the certificate are not inspected by this test.
		c.Assert(clientCert.ExtKeyUsage[0], gc.Equals, x509.ExtKeyUsageClientAuth)
		checkNotBefore(c, clientCert, now)
		checkNotAfter(c, clientCert, expiry)
	}
}