// newHandler generates a new sign handler (or info handler) using the certificate
// authority private key and certficate to sign certificates.
func newHandler(t *testing.T, caFile, caKeyFile, op string) (http.Handler, error) {
var expiry = 1 * time.Minute
var CAConfig = &config.Config{
Signing: &config.Signing{
Profiles: map[string]*config.SigningProfile{
"signature": &config.SigningProfile{
Usage: []string{"digital signature"},
Expiry: expiry,
},
},
Default: &config.SigningProfile{
Usage: []string{"cert sign", "crl sign"},
ExpiryString: "43800h",
Expiry: expiry,
CA: true,
UseSerialSeq: true,
},
},
}
s, err := local.NewSignerFromFile(testCaFile, testCaKeyFile, CAConfig.Signing)
if err != nil {
t.Fatal(err)
}
if op == "sign" {
return NewSignHandlerFromSigner(s)
} else if op == "info" {
return apiinfo.NewHandler(s)
}
t.Fatal("Bad op code")
return nil, nil
}
// fileBackedSigner determines whether a file-backed local signer is supported.
func fileBackedSigner(root *Root, policy *config.Signing) (signer.Signer, bool, error) {
keyFile := root.Config["key-file"]
certFile := root.Config["cert-file"]
if keyFile == "" {
return nil, false, nil
}
signer, err := local.NewSignerFromFile(certFile, keyFile, policy)
return signer, true, err
}
// create a test intermediate cert in PEM
func createInterCert(t *testing.T, csrFile string, policy *config.Signing, profileName string) (certPEM []byte) {
s, err := local.NewSignerFromFile(testCAFile, testCAKeyFile, policy)
if err != nil {
t.Fatal(err)
}
csr, err := ioutil.ReadFile(csrFile)
if err != nil {
t.Fatal(err)
}
req := signer.SignRequest{
Hosts: []string{"cloudflare-inter.com"},
Request: string(csr),
Profile: profileName,
Label: "",
}
certPEM, err = s.Sign(req)
if err != nil {
t.Fatal(err)
}
return
}