diff --git a/cmd/osbuild-auth-tests/certificates.go b/cmd/osbuild-auth-tests/certificates.go
new file mode 100644
index 000000000..27099fcd6
--- /dev/null
+++ b/cmd/osbuild-auth-tests/certificates.go
@@ -0,0 +1,89 @@
+package main
+
+import (
+ "fmt"
+ "io/ioutil"
+ "log"
+ "os"
+ "os/exec"
+ "path"
+)
+
+type certificateKeyPair struct {
+ baseDir string
+}
+
+func (ckp certificateKeyPair) remove() {
+ err := os.RemoveAll(ckp.baseDir)
+ if err != nil {
+ log.Printf("cannot delete the certificate key pair: %v", err)
+ }
+}
+
+func (ckp certificateKeyPair) certificate() string {
+ return path.Join(ckp.baseDir, "crt")
+}
+
+func (ckp certificateKeyPair) key() string {
+ return path.Join(ckp.baseDir, "key")
+}
+
+func newCertificateKeyPair(CA, CAkey, subj string) (*certificateKeyPair, error) {
+ dir, err := ioutil.TempDir("", "osbuild-auth-tests-")
+ if err != nil {
+ return nil, fmt.Errorf("cannot create a temporary directory for the certificate: %v", err)
+ }
+
+ ckp := certificateKeyPair{baseDir: dir}
+ certificateRequest := path.Join(dir, "csr")
+
+ cmd := exec.Command(
+ "openssl", "req", "-new", "-nodes",
+ "-subj", subj,
+ "-keyout", ckp.key(),
+ "-out", certificateRequest,
+ )
+
+ err = cmd.Run()
+ if err != nil {
+ return nil, fmt.Errorf("cannot generate a private key and a certificate request: %v", err)
+ }
+
+ defer os.Remove(certificateRequest)
+
+ cmd = exec.Command(
+ "openssl", "x509", "-req", "-CAcreateserial",
+ "-in", certificateRequest,
+ "-CA", CA,
+ "-CAkey", CAkey,
+ "-out", ckp.certificate(),
+ )
+ err = cmd.Run()
+ if err != nil {
+ return nil, fmt.Errorf("cannot sign the certificate: %v", err)
+ }
+
+ return &ckp, nil
+}
+
+func newSelfSignedCertificateKeyPair(subj string) (*certificateKeyPair, error) {
+ dir, err := ioutil.TempDir("", "osbuild-auth-tests-")
+ if err != nil {
+ return nil, fmt.Errorf("cannot create a temporary directory for the certificate: %v", err)
+ }
+
+ ckp := certificateKeyPair{baseDir: dir}
+
+ cmd := exec.Command(
+ "openssl", "req", "-nodes", "-x509",
+ "-subj", subj,
+ "-out", ckp.certificate(),
+ "-keyout", ckp.key(),
+ )
+ err = cmd.Run()
+ if err != nil {
+ return nil, fmt.Errorf("cannot generate a self-signed certificate: %v", err)
+ }
+
+ return &ckp, nil
+}
diff --git a/cmd/osbuild-auth-tests/main_test.go b/cmd/osbuild-auth-tests/main_test.go
index 8ce29c0df..fcfe9cd58 100644
--- a/cmd/osbuild-auth-tests/main_test.go
+++ b/cmd/osbuild-auth-tests/main_test.go
@@ -7,13 +7,8 @@ import (
 "crypto/x509"
 "encoding/json"
 "errors"
- "fmt"
 "io/ioutil"
- "log"
 "net/http"
- "os"
- "os/exec"
- "path"
 "testing"
 
 "github.com/stretchr/testify/require"
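Review bot: In certificates.go, `newCertificateKeyPair` and `newSelfSignedCertificateKeyPair` leak the temporary directory whenever an openssl call fails: once `ioutil.TempDir` has succeeded, every `return nil, fmt.Errorf(...)` leaves `dir` on disk, and the caller receives `nil` so it has nothing to call `remove()` on. In `newCertificateKeyPair` a failure of the signing step also leaves the unencrypted private key written by `-nodes` behind. Calling `ckp.remove()` before each of those error returns would close this. Separately, neither command has `Stdout`/`Stderr` set in the new file, so a failure reports only the exit status; `out, err := cmd.CombinedOutput()` with `out` added to the error message would keep the openssl diagnostic.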
@@ -48,87 +43,6 @@ func createTLSConfig(config *connectionConfig) (*tls.Config, error) {
 }, nil
 }
 
-type certificateKeyPair struct {
- baseDir string
-}
-
-func (ckp certificateKeyPair) remove() {
- err := os.RemoveAll(ckp.baseDir)
- if err != nil {
- log.Printf("cannot delete the certificate key pair: %v", err)
- }
-}
-
-func (ckp certificateKeyPair) certificate() string {
- return path.Join(ckp.baseDir, "crt")
-}
-
-func (ckp certificateKeyPair) key() string {
- return path.Join(ckp.baseDir, "key")
-}
-
-func newCertificateKeyPair(CA, CAkey, subj string) (*certificateKeyPair, error) {
- dir, err := ioutil.TempDir("", "osbuild-auth-tests-")
- if err != nil {
- return nil, fmt.Errorf("cannot create a temporary directory for the certificate: %v", err)
- }
-
- ckp := certificateKeyPair{baseDir: dir}
- certificateRequest := path.Join(dir, "csr")
-
- cmd := exec.Command(
- "openssl", "req", "-new", "-nodes",
- "-subj", subj,
- "-keyout", ckp.key(),
- "-out", certificateRequest,
- )
-
- err = cmd.Run()
- if err != nil {
- return nil, fmt.Errorf("cannot generate a private key and a certificate request: %v", err)
- }
-
- defer os.Remove(certificateRequest)
-
- cmd = exec.Command(
- "openssl", "x509", "-req", "-CAcreateserial",
- "-in", certificateRequest,
- "-CA", CA,
- "-CAkey", CAkey,
- "-out", ckp.certificate(),
- )
- cmd.Stdout = os.Stdout
- cmd.Stderr = os.Stderr
- err = cmd.Run()
- if err != nil {
- return nil, fmt.Errorf("cannot sign the certificate: %v", err)
- }
-
- return &ckp, nil
-}
-
-func newSelfSignedCertificateKeyPair(subj string) (*certificateKeyPair, error) {
- dir, err := ioutil.TempDir("", "osbuild-auth-tests-")
- if err != nil {
- return nil, fmt.Errorf("cannot create a temporary directory for the certificate: %v", err)
- }
-
- ckp := certificateKeyPair{baseDir: dir}
-
- cmd := exec.Command(
- "openssl", "req", "-nodes", "-x509",
- "-subj", subj,
- "-out", ckp.certificate(),
- "-keyout", ckp.key(),
- )
- err = cmd.Run()
- if err != nil {
- return nil, fmt.Errorf("cannot generate a self-signed certificate: %v", err)
- }
-
- return &ckp, nil
-}
-
 func TestWorkerAPIAuth(t *testing.T) {
 t.Run("certificate signed by a trusted CA", func(t *testing.T) {
 cases := []struct {