test/auth: extract certificate code
Not a functional change, just cleaning up
parent
3583399f4e
commit
90aabfa8c8
2 changed files with 89 additions and 86 deletions
89
cmd/osbuild-auth-tests/certificates.go
Normal file
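--- a/cmd/osbuild-auth-tests/certificates.go
+++ b/cmd/osbuild-auth-tests/certificates.go
@@ -0,0 +1,89 @@
+package main
+
+import (
+"fmt"
+"io/ioutil"
+"log"
+"os"
+"os/exec"
+"path"
+)
+
+type certificateKeyPair struct {
+baseDir string
+}
+
+func (ckp certificateKeyPair) remove() {
+err := os.RemoveAll(ckp.baseDir)
+if err != nil {
+log.Printf("cannot delete the certificate key pair: %v", err)
+}
+}
+
+func (ckp certificateKeyPair) certificate() string {
+return path.Join(ckp.baseDir, "crt")
+}
+
+func (ckp certificateKeyPair) key() string {
+return path.Join(ckp.baseDir, "key")
+}
+
+func newCertificateKeyPair(CA, CAkey, subj string) (*certificateKeyPair, error) {
+dir, err := ioutil.TempDir("", "osbuild-auth-tests-")
+if err != nil {
+return nil, fmt.Errorf("cannot create a temporary directory for the certificate: %v", err)
+}
+
+ckp := certificateKeyPair{baseDir: dir}
+certificateRequest := path.Join(dir, "csr")
+
+cmd := exec.Command(
+"openssl", "req", "-new", "-nodes",
+"-subj", subj,
+"-keyout", ckp.key(),
+"-out", certificateRequest,
+)
+
+err = cmd.Run()
+if err != nil {
+return nil, fmt.Errorf("cannot generate a private key and a certificate request: %v", err)
+}
+
+defer os.Remove(certificateRequest)
+
+cmd = exec.Command(
+"openssl", "x509", "-req", "-CAcreateserial",
+"-in", certificateRequest,
+"-CA", CA,
+"-CAkey", CAkey,
+"-out", ckp.certificate(),
+)
+err = cmd.Run()
+if err != nil {
+return nil, fmt.Errorf("cannot sign the certificate: %v", err)
+}
+
+return &ckp, nil
+}
+
+func newSelfSignedCertificateKeyPair(subj string) (*certificateKeyPair, error) {
+dir, err := ioutil.TempDir("", "osbuild-auth-tests-")
+if err != nil {
+return nil, fmt.Errorf("cannot create a temporary directory for the certificate: %v", err)
+}
+
+ckp := certificateKeyPair{baseDir: dir}
+
+cmd := exec.Command(
+"openssl", "req", "-nodes", "-x509",
+"-subj", subj,
+"-out", ckp.certificate(),
+"-keyout", ckp.key(),
+)
+err = cmd.Run()
+if err != nil {
+return nil, fmt.Errorf("cannot generate a self-signed certificate: %v", err)
+}
+
+return &ckp, nil
+}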
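Review bot: Both constructors leave the temporary directory behind on every error return after `ioutil.TempDir` succeeds: `newCertificateKeyPair` returns `nil` when either openssl call fails and `newSelfSignedCertificateKeyPair` does the same, so the caller has nothing to call `remove()` on and the `-nodes` (unencrypted) private key can stay on disk. Calling `ckp.remove()` before each `return nil, fmt.Errorf(...)` that follows `ckp := certificateKeyPair{baseDir: dir}` closes that gap. Separately, the signing command in this file no longer sets `cmd.Stdout = os.Stdout` and `cmd.Stderr = os.Stderr`, which the copy removed from the test file did, so this is not a pure move and openssl's diagnostics are lost when signing fails; restoring those two lines (ideally `cmd.Stderr = os.Stderr` on all three commands) keeps failures debuggable.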
|
|
@ -7,13 +7,8 @@ import (
|
|||
"crypto/x509"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"log"
|
||||
"net/http"
|
||||
"os"
|
||||
"os/exec"
|
||||
"path"
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/require"
|
||||
|
|
@ -48,87 +43,6 @@ func createTLSConfig(config *connectionConfig) (*tls.Config, error) {
|
|||
}, nil
|
||||
}
|
||||
|
||||
type certificateKeyPair struct {
|
||||
baseDir string
|
||||
}
|
||||
|
||||
func (ckp certificateKeyPair) remove() {
|
||||
err := os.RemoveAll(ckp.baseDir)
|
||||
if err != nil {
|
||||
log.Printf("cannot delete the certificate key pair: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
func (ckp certificateKeyPair) certificate() string {
|
||||
return path.Join(ckp.baseDir, "crt")
|
||||
}
|
||||
|
||||
func (ckp certificateKeyPair) key() string {
|
||||
return path.Join(ckp.baseDir, "key")
|
||||
}
|
||||
|
||||
func newCertificateKeyPair(CA, CAkey, subj string) (*certificateKeyPair, error) {
|
||||
dir, err := ioutil.TempDir("", "osbuild-auth-tests-")
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("cannot create a temporary directory for the certificate: %v", err)
|
||||
}
|
||||
|
||||
ckp := certificateKeyPair{baseDir: dir}
|
||||
certificateRequest := path.Join(dir, "csr")
|
||||
|
||||
cmd := exec.Command(
|
||||
"openssl", "req", "-new", "-nodes",
|
||||
"-subj", subj,
|
||||
"-keyout", ckp.key(),
|
||||
"-out", certificateRequest,
|
||||
)
|
||||
|
||||
err = cmd.Run()
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("cannot generate a private key and a certificate request: %v", err)
|
||||
}
|
||||
|
||||
defer os.Remove(certificateRequest)
|
||||
|
||||
cmd = exec.Command(
|
||||
"openssl", "x509", "-req", "-CAcreateserial",
|
||||
"-in", certificateRequest,
|
||||
"-CA", CA,
|
||||
"-CAkey", CAkey,
|
||||
"-out", ckp.certificate(),
|
||||
)
|
||||
cmd.Stdout = os.Stdout
|
||||
cmd.Stderr = os.Stderr
|
||||
err = cmd.Run()
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("cannot sign the certificate: %v", err)
|
||||
}
|
||||
|
||||
return &ckp, nil
|
||||
}
|
||||
|
||||
func newSelfSignedCertificateKeyPair(subj string) (*certificateKeyPair, error) {
|
||||
dir, err := ioutil.TempDir("", "osbuild-auth-tests-")
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("cannot create a temporary directory for the certificate: %v", err)
|
||||
}
|
||||
|
||||
ckp := certificateKeyPair{baseDir: dir}
|
||||
|
||||
cmd := exec.Command(
|
||||
"openssl", "req", "-nodes", "-x509",
|
||||
"-subj", subj,
|
||||
"-out", ckp.certificate(),
|
||||
"-keyout", ckp.key(),
|
||||
)
|
||||
err = cmd.Run()
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("cannot generate a self-signed certificate: %v", err)
|
||||
}
|
||||
|
||||
return &ckp, nil
|
||||
}
|
||||
|
||||
func TestWorkerAPIAuth(t *testing.T) {
|
||||
t.Run("certificate signed by a trusted CA", func(t *testing.T) {
|
||||
cases := []struct {
|
||||
|
|
|
|||