package x509proxy
import (
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"crypto/x509/pkix"
"encoding/pem"
"math/big"
"os"
"testing"
"time"
)
// Placeholder PEM fixtures. Both bodies are shortened stand-ins ending in
// "... (truncated)", so they are not valid base64 and only supply the
// BEGIN/END framing. Tests that need a certificate or key that actually parses
// should use generateTestCert instead.
const (
	certPEM = `-----BEGIN CERTIFICATE-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsda823dsfdasds... (truncated)
-----END CERTIFICATE-----`

	keyPEM = `-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAsdf324dfdsf4234234234dsf... (truncated)
-----END RSA PRIVATE KEY-----`
)
// TestAppendByte checks that appendByte returns the first slice followed by
// the second.
func TestAppendByte(t *testing.T) {
	const expected = "hello world"

	result := appendByte([]byte("hello"), []byte(" world"))
	if got := string(result); got != expected {
		t.Errorf("Expected %s, got %s", expected, got)
	}
}
// TestGetData checks that getData returns a non-empty result for both the
// CERTIFICATE and the RSA PRIVATE KEY section of a combined PEM buffer.
//
// NOTE(review): the input is built from the placeholder certPEM/keyPEM
// constants, whose bodies are not valid base64, and only a non-empty result is
// asserted. This does not show that real PEM content is decoded correctly.
func TestGetData(t *testing.T) {
	combined := []byte(certPEM + "\n" + keyPEM)

	certPart := getData("CERTIFICATE", combined)
	keyPart := getData("RSA PRIVATE KEY", combined)

	if len(certPart) == 0 {
		t.Error("Failed to extract certificate data")
	}
	if len(keyPart) == 0 {
		t.Error("Failed to extract key data")
	}
}
// TestIsValid checks isValid against a certificate whose validity window
// contains the current time and against one whose window ended an hour ago.
//
// NOTE(review): a certificate that is not yet valid (NotBefore in the future)
// is not covered here; worth adding once isValid's handling of NotBefore is
// confirmed.
func TestIsValid(t *testing.T) {
	now := time.Now()

	// window builds a bare certificate with only its validity period set,
	// expressed as offsets from now.
	window := func(from, to time.Duration) *x509.Certificate {
		return &x509.Certificate{
			NotBefore: now.Add(from),
			NotAfter:  now.Add(to),
		}
	}

	current := window(-1*time.Hour, 1*time.Hour)
	expired := window(-2*time.Hour, -1*time.Hour)

	if !isValid(current) {
		t.Error("Valid certificate was marked invalid")
	}
	if isValid(expired) {
		t.Error("Expired certificate was marked valid")
	}
}
// generateTestCert creates a throwaway self-signed certificate for tests.
//
// It generates a fresh 2048-bit RSA key, signs a certificate for the subject
// "Test Cert" (serial number 1) that is valid from one hour ago until one hour
// from now, and returns the certificate as a CERTIFICATE PEM block and the key
// as a PKCS#1 RSA PRIVATE KEY PEM block. On failure both slices are nil.
func generateTestCert() ([]byte, []byte, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}

	// The same template serves as subject and issuer, which makes the
	// certificate self-signed.
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Test Cert"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
	}

	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}

	certBlock := &pem.Block{Type: "CERTIFICATE", Bytes: der}
	keyBlock := &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)}

	certOut := pem.EncodeToMemory(certBlock)
	keyOut := pem.EncodeToMemory(keyBlock)
	return certOut, keyOut, nil
}
// TestX509KeyPair checks that x509KeyPair accepts a freshly generated
// certificate/key pair and populates both PrivateKey and Leaf on the result.
func TestX509KeyPair(t *testing.T) {
	certBytes, keyBytes, err := generateTestCert()
	if err != nil {
		t.Fatalf("Failed to generate test certificate: %v", err)
	}

	pair, err := x509KeyPair(certBytes, keyBytes)
	if err != nil {
		t.Fatalf("Failed to parse key pair: %v", err)
	}

	// Both fields are checked independently so a single run reports every
	// missing piece.
	if pair.PrivateKey == nil {
		t.Error("Private key was not properly parsed")
	}
	if pair.Leaf == nil {
		t.Error("Certificate leaf was not set")
	}
}
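// TestLoadX509Proxy writes a generated certificate followed by its private key
// to a file and checks that LoadX509Proxy reads it back with a private key
// attached.
func TestLoadX509Proxy(t *testing.T) {
	certPEM, keyPEM, err := generateTestCert()
	if err != nil {
		t.Fatalf("Failed to generate test certificate: %v", err)
	}

	// The file holds private key material, so it is created inside a per-test
	// directory rather than the shared system temp directory. The testing
	// package removes that directory when the test ends, including on the
	// t.Fatal paths below.
	tmpfile, err := os.CreateTemp(t.TempDir(), "proxy.pem")
	if err != nil {
		t.Fatal(err)
	}

	for _, chunk := range [][]byte{certPEM, keyPEM} {
		if _, err := tmpfile.Write(chunk); err != nil {
			// Best-effort close; the write error is the one worth reporting.
			tmpfile.Close()
			t.Fatal(err)
		}
	}

	// A failed Close can mean the data never reached the file, which would
	// otherwise show up as a confusing parse failure in LoadX509Proxy.
	if err := tmpfile.Close(); err != nil {
		t.Fatal(err)
	}

	cert, err := LoadX509Proxy(tmpfile.Name())
	if err != nil {
		t.Fatalf("Failed to load proxy certificate: %v", err)
	}
	if cert.PrivateKey == nil {
		t.Error("Failed to load private key")
	}
}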
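// TestParseCertificate checks that ParseCertificate, given a certificate PEM
// block followed by its key PEM block, returns a certificate whose subject
// CommonName matches the generated one.
func TestParseCertificate(t *testing.T) {
	certPEM, keyPEM, err := generateTestCert()
	if err != nil {
		// Without this check a generation failure would pass empty input to
		// ParseCertificate and be reported as a parsing failure.
		t.Fatalf("Failed to generate test certificate: %v", err)
	}

	data := append(certPEM, keyPEM...)
	cert, err := ParseCertificate(data)
	if err != nil {
		t.Fatalf("Failed to parse certificate: %v", err)
	}
	if cert.Subject.CommonName != "Test Cert" {
		t.Errorf("Expected subject CommonName to be 'Test Cert', got '%s'", cert.Subject.CommonName)
	}
}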
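// TestGetTlsCert checks that GetTlsCert, given a certificate PEM block
// followed by its key PEM block, returns a TLS certificate with a private key
// attached.
func TestGetTlsCert(t *testing.T) {
	certPEM, keyPEM, err := generateTestCert()
	if err != nil {
		// Without this check a generation failure would pass empty input to
		// GetTlsCert and be reported as a parsing failure.
		t.Fatalf("Failed to generate test certificate: %v", err)
	}

	data := append(certPEM, keyPEM...)
	tlsCert, err := GetTlsCert(data)
	if err != nil {
		t.Fatalf("Failed to parse TLS certificate: %v", err)
	}
	if tlsCert.PrivateKey == nil {
		t.Error("Private key should not be nil")
	}
}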
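// TestTlsToX509 checks that tlsToX509 returns at least one X.509 certificate
// for a TLS certificate built from a freshly generated key pair.
func TestTlsToX509(t *testing.T) {
	certPEM, keyPEM, err := generateTestCert()
	if err != nil {
		t.Fatalf("Failed to generate test certificate: %v", err)
	}

	// Check the setup step as well: a failure here would otherwise hand an
	// unusable value to tlsToX509 and be misreported as a conversion failure.
	tlsCert, err := x509KeyPair(certPEM, keyPEM)
	if err != nil {
		t.Fatalf("Failed to parse key pair: %v", err)
	}

	x509Certs, err := tlsToX509(tlsCert)
	if err != nil {
		t.Fatalf("Failed to convert TLS certificate to X509: %v", err)
	}
	if len(x509Certs) == 0 {
		t.Error("Expected at least one X509 certificate")
	}
}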