// newCredentials generates the RSA client certificate and private key used
// for juju's WinRM connections, with a fixed default configuration: 2048 is
// passed as the key size and the expiry is ten years from the time of the call.
//
// It returns the certificate and the key, in that order, as byte slices
// converted from the values cert.NewClientCert produces, together with that
// call's error. The second slice is private key material.
//
// NOTE(review): nothing in this function rotates or revokes the credential
// during its ten-year lifetime; confirm that callers handle rotation and
// store the key with restricted access.
func newCredentials() ([]byte, []byte, error) {
	// Ten years is treated as long enough for this credential.
	notAfter := time.Now().AddDate(10, 0, 0)
	commonName := fmt.Sprintf("juju-generated client cert for model %s", "Administrator")

	// The second argument is left empty; presumably it is the subject serial
	// number. TODO confirm against cert.NewClientCert.
	// Locals are named so that they do not shadow the cert package.
	certOut, keyOut, err := cert.NewClientCert(commonName, "", notAfter, 2048)
	return []byte(certOut), []byte(keyOut), err
}
// TestNewClientCertRSASize checks, for every size in rsaByteSizes, that
// cert.NewClientCert returns a certificate and key that parse back and carry
// the expected subject fields, extension, RSA key type, client-auth usage
// and validity bounds.
func (certSuite) TestNewClientCertRSASize(c *gc.C) {
	for _, keySize := range rsaByteSizes {
		issuedAt := time.Now()
		notAfter := roundTime(issuedAt.AddDate(0, 0, 1))
		commonName := fmt.Sprintf("juju-generated CA for model %s", "foo")

		certPEM, keyPEM, err := cert.NewClientCert(commonName, "1", notAfter, keySize)
		c.Assert(err, jc.ErrorIsNil)
		c.Assert(certPEM, gc.NotNil)
		c.Assert(keyPEM, gc.NotNil)

		// Round-trip the output through the parser before inspecting it.
		parsedCert, parsedKey, err := cert.ParseCertAndKey(certPEM, keyPEM)
		c.Assert(err, jc.ErrorIsNil)

		// Subject fields and the key type.
		subject := parsedCert.Subject
		c.Check(subject.CommonName, gc.Equals, "juju-generated CA for model foo")
		c.Check(subject.Organization, gc.DeepEquals, []string{"juju"})
		c.Check(subject.SerialNumber, gc.DeepEquals, "1")
		c.Check(parsedKey, gc.FitsTypeOf, (*rsa.PrivateKey)(nil))
		c.Check(parsedCert.Version, gc.Equals, 3)

		// The extension value is derived from the subject and must be
		// present in the certificate under the cert.CertSubjAltName id,
		// marked non-critical.
		upnValue, err := cert.CertGetUPNExtenstionValue(parsedCert.Subject)
		c.Assert(err, jc.ErrorIsNil)
		c.Assert(upnValue, gc.Not(gc.IsNil))

		wantExt := pkix.Extension{
			Id:       cert.CertSubjAltName,
			Value:    upnValue,
			Critical: false,
		}
		// NOTE(review): the check depends on the extension sitting at
		// index 4, and on ExtKeyUsage having at least one entry; a shorter
		// slice panics here instead of failing an assertion.
		c.Assert(parsedCert.Extensions[4], jc.DeepEquals, wantExt)
		c.Assert(parsedCert.PublicKeyAlgorithm, gc.Equals, x509.RSA)
		c.Assert(parsedCert.ExtKeyUsage[0], gc.Equals, x509.ExtKeyUsageClientAuth)

		// Validity window: not before the call time, not after the expiry.
		checkNotBefore(c, parsedCert, issuedAt)
		checkNotAfter(c, parsedCert, notAfter)
	}
}