Пример #1
Файл: x509.go Проект: juju/utils
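// newCredentials generates the client certificate and RSA private key used
// for juju WinRM connections and returns them as (certificate, key, error).
//
// The certificate is requested from cert.NewClientCert under the fixed name
// "juju-generated client cert for model Administrator", with an empty second
// argument, an expiry ten years from the moment of the call and a key size
// of 2048. On failure both byte slices are nil.
//
// The second return value is private key material: callers should keep it
// out of logs and persist it only with restrictive permissions.
func newCredentials() ([]byte, []byte, error) {
	// NOTE(review): ten years is a long lifetime for a client-auth credential;
	// nothing in this function shows how the key is rotated or revoked — confirm.
	expiry := time.Now().AddDate(10, 0, 0)

	// Locals are named certPEM/keyPEM (presumably PEM text — confirm) so the
	// imported cert package is not shadowed.
	// NOTE(review): 2048 is presumably the RSA modulus size in bits; confirm it
	// still satisfies the key-strength policy for a credential valid this long.
	certPEM, keyPEM, err := cert.NewClientCert(
		fmt.Sprintf("juju-generated client cert for model %s", "Administrator"),
		"", expiry, 2048)
	if err != nil {
		// Never hand back partially populated credentials alongside an error.
		return nil, nil, err
	}
	return []byte(certPEM), []byte(keyPEM), nil
}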
Пример #2
// TestNewClientCertRSASize calls cert.NewClientCert once for every entry of
// rsaByteSizes and checks the parsed certificate: subject fields, RSA key
// type, X.509 version 3, the UPN-derived extension, the client-auth extended
// key usage and the validity window.
func (certSuite) TestNewClientCertRSASize(c *gc.C) {
	for _, keySize := range rsaByteSizes {
		start := time.Now()
		notAfter := roundTime(start.AddDate(0, 0, 1))
		subjectName := fmt.Sprintf("juju-generated CA for model %s", "foo")

		certPEM, keyPEM, err := cert.NewClientCert(subjectName, "1", notAfter, keySize)
		c.Assert(err, jc.ErrorIsNil)
		c.Assert(certPEM, gc.NotNil)
		c.Assert(keyPEM, gc.NotNil)

		// Round-trip through the parser so the assertions run against what a
		// consumer of the generated material would actually see.
		parsed, parsedKey, err := cert.ParseCertAndKey(certPEM, keyPEM)
		c.Assert(err, jc.ErrorIsNil)

		subject := parsed.Subject
		c.Check(subject.CommonName, gc.Equals, "juju-generated CA for model foo")
		c.Check(subject.Organization, gc.DeepEquals, []string{"juju"})
		c.Check(subject.SerialNumber, gc.DeepEquals, "1")

		c.Check(parsedKey, gc.FitsTypeOf, (*rsa.PrivateKey)(nil))
		c.Check(parsed.Version, gc.Equals, 3)

		upn, err := cert.CertGetUPNExtenstionValue(parsed.Subject)
		c.Assert(err, jc.ErrorIsNil)
		c.Assert(upn, gc.Not(gc.IsNil))

		// The extension is expected to be non-critical and carry the UPN value.
		wantExt := pkix.Extension{
			Id:       cert.CertSubjAltName,
			Value:    upn,
			Critical: false,
		}
		// NOTE(review): index 4 ties this assertion to the order in which the
		// generator emits extensions; a reordering fails here, not on content.
		c.Assert(parsed.Extensions[4], jc.DeepEquals, wantExt)
		c.Assert(parsed.PublicKeyAlgorithm, gc.Equals, x509.RSA)
		// Only the first extended key usage is inspected; it must be client auth.
		c.Assert(parsed.ExtKeyUsage[0], gc.Equals, x509.ExtKeyUsageClientAuth)
		checkNotBefore(c, parsed, start)
		checkNotAfter(c, parsed, notAfter)
	}
}