@@ -19,38 +19,116 @@ package generator
19
19
import (
20
20
"crypto/x509"
21
21
"encoding/pem"
22
- "testing"
22
+
23
+ . "github.com/onsi/ginkgo"
24
+ . "github.com/onsi/gomega"
23
25
)
24
26
25
- func TestProvisionServingCert ( t * testing. T ) {
27
+ var _ = Describe ( "Cert Generator" , func ( ) {
26
28
cn := "mysvc.myns.svc"
27
- cp := SelfSignedCertGenerator {}
28
- certs , _ := cp .Generate (cn )
29
-
30
- // First, create the set of root certificates. For this example we only
31
- // have one. It's also possible to omit this in order to use the
32
- // default root set of the current operating system.
33
- roots := x509 .NewCertPool ()
34
- ok := roots .AppendCertsFromPEM (certs .CACert )
35
- if ! ok {
36
- t .Fatalf ("failed to parse root certificate: %s" , certs .CACert )
37
- }
38
-
39
- block , _ := pem .Decode (certs .Cert )
40
- if block == nil {
41
- t .Fatalf ("failed to parse certificate PEM: %s" , certs .Cert )
42
- }
43
- cert , err := x509 .ParseCertificate (block .Bytes )
44
- if err != nil {
45
- t .Fatalf ("failed to parse certificate: %v" , err )
46
- }
47
-
48
- opts := x509.VerifyOptions {
49
- DNSName : cn ,
50
- Roots : roots ,
51
- }
52
-
53
- if _ , err := cert .Verify (opts ); err != nil {
54
- t .Fatalf ("failed to verify certificate: %v" , err )
55
- }
56
- }
29
+ Describe ("CA doesn't exist" , func () {
30
+ It ("should generate CA" , func () {
31
+ cp := SelfSignedCertGenerator {}
32
+ certs , err := cp .Generate (cn )
33
+ Expect (err ).NotTo (HaveOccurred ())
34
+
35
+ // First, create the set of root certificates. For this example we only
36
+ // have one. It's also possible to omit this in order to use the
37
+ // default root set of the current operating system.
38
+ roots := x509 .NewCertPool ()
39
+ ok := roots .AppendCertsFromPEM (certs .CACert )
40
+ Expect (ok ).To (BeTrue ())
41
+
42
+ block , _ := pem .Decode (certs .Cert )
43
+ Expect (block ).NotTo (BeNil ())
44
+
45
+ cert , err := x509 .ParseCertificate (block .Bytes )
46
+ Expect (err ).NotTo (HaveOccurred ())
47
+
48
+ opts := x509.VerifyOptions {
49
+ DNSName : cn ,
50
+ Roots : roots ,
51
+ }
52
+
53
+ _ , err = cert .Verify (opts )
54
+ Expect (err ).NotTo (HaveOccurred ())
55
+ })
56
+ })
57
+
58
+ Describe ("CA doesn't exist" , func () {
59
+ Context ("CA is valid" , func () {
60
+ It ("should reuse existing CA" , func () {
61
+ cp := SelfSignedCertGenerator {}
62
+ certs , err := cp .Generate ("foo.example.com" )
63
+ Expect (err ).NotTo (HaveOccurred ())
64
+
65
+ cp = SelfSignedCertGenerator {}
66
+ cp .SetCA (certs .CAKey , certs .CACert )
67
+ certs , err = cp .Generate (cn )
68
+ Expect (err ).NotTo (HaveOccurred ())
69
+
70
+ Expect (certs .CAKey ).To (Equal (cp .caKey ))
71
+ Expect (certs .CACert ).To (Equal (cp .caCert ))
72
+
73
+ // First, create the set of root certificates. For this example we only
74
+ // have one. It's also possible to omit this in order to use the
75
+ // default root set of the current operating system.
76
+ roots := x509 .NewCertPool ()
77
+ ok := roots .AppendCertsFromPEM (certs .CACert )
78
+ Expect (ok ).To (BeTrue ())
79
+
80
+ block , _ := pem .Decode (certs .Cert )
81
+ Expect (block ).NotTo (BeNil ())
82
+
83
+ cert , err := x509 .ParseCertificate (block .Bytes )
84
+ Expect (err ).NotTo (HaveOccurred ())
85
+
86
+ opts := x509.VerifyOptions {
87
+ DNSName : cn ,
88
+ Roots : roots ,
89
+ }
90
+
91
+ _ , err = cert .Verify (opts )
92
+ Expect (err ).NotTo (HaveOccurred ())
93
+ })
94
+ })
95
+
96
+ Context ("CA is invalid" , func () {
97
+ It ("should reuse existing CA" , func () {
98
+ cp := SelfSignedCertGenerator {}
99
+ certs , err := cp .Generate ("foo.example.com" )
100
+ Expect (err ).NotTo (HaveOccurred ())
101
+
102
+ cp = SelfSignedCertGenerator {}
103
+ cp .SetCA ([]byte ("invalidCAKey" ), []byte ("invalidCACert" ))
104
+
105
+ certs , err = cp .Generate (cn )
106
+ Expect (err ).NotTo (HaveOccurred ())
107
+
108
+ Expect (certs .CAKey ).NotTo (Equal (cp .caKey ))
109
+ Expect (certs .CACert ).NotTo (Equal (cp .caCert ))
110
+
111
+ // First, create the set of root certificates. For this example we only
112
+ // have one. It's also possible to omit this in order to use the
113
+ // default root set of the current operating system.
114
+ roots := x509 .NewCertPool ()
115
+ ok := roots .AppendCertsFromPEM (certs .CACert )
116
+ Expect (ok ).To (BeTrue ())
117
+
118
+ block , _ := pem .Decode (certs .Cert )
119
+ Expect (block ).NotTo (BeNil ())
120
+
121
+ cert , err := x509 .ParseCertificate (block .Bytes )
122
+ Expect (err ).NotTo (HaveOccurred ())
123
+
124
+ opts := x509.VerifyOptions {
125
+ DNSName : cn ,
126
+ Roots : roots ,
127
+ }
128
+
129
+ _ , err = cert .Verify (opts )
130
+ Expect (err ).NotTo (HaveOccurred ())
131
+ })
132
+ })
133
+ })
134
+ })
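Review bot: The "should reuse existing CA" case (new lines 60–71) does not actually prove reuse, because `certs` is overwritten by the second `Generate` at new line 67 before the comparison, so `certs.CACert == cp.caCert` would also hold if `SetCA` were ignored and a freshly generated CA were stored on the generator. Keep the first CA and compare against it: `origKey, origCert := certs.CAKey, certs.CACert` before the second `SelfSignedCertGenerator{}`, then `Expect(certs.CAKey).To(Equal(origKey))` and `Expect(certs.CACert).To(Equal(origCert))` after the second `Generate`. Separately, the second `Describe` at new line 58 repeats "CA doesn't exist" although both of its contexts call `SetCA`, and the "CA is invalid" `It` at new line 97 says "should reuse existing CA" while its assertions (lines 108–109) expect a different CA; rename them to `Describe("CA exists", ...)` and `It("should generate a new CA", ...)`. That last case also codifies that unparsable CA material is silently replaced by a fresh self-signed CA instead of surfacing an error (line 106 expects no error), which means a corrupted or tampered CA key/cert pair is never reported to the operator; if that fallback is intended, a comment on that `It` such as `// invalid CA material is discarded and a new self-signed CA is generated; callers are not told` would spare the next reader a double-take, and if it is not, the test should expect an error instead.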