ca: only generate a single private key for the whole test case

Using tracing and cpu profiling I found that the majority of the time in
these test cases is spent generating a private key. We really don't need
separate private keys, so we can generate only one and use it for all
cases.

With this change the test runs much faster.
This commit is contained in:
Daniel Nephin 2021-11-24 18:45:03 -05:00
parent b3ffe7ac72
commit 11f4cdaa49
1 changed files with 8 additions and 5 deletions

View File

@ -422,6 +422,9 @@ func TestCAManager_SignCertificate_WithExpiredCert(t *testing.T) {
{"root in the future", time.Now().AddDate(0, 0, 1), time.Now().AddDate(0, 0, 2), time.Now().AddDate(0, 0, -1), time.Now().AddDate(0, 0, 2), false, ""}, {"root in the future", time.Now().AddDate(0, 0, 1), time.Now().AddDate(0, 0, 2), time.Now().AddDate(0, 0, -1), time.Now().AddDate(0, 0, 2), false, ""},
} }
caPrivKey, err := rsa.GenerateKey(rand.Reader, 4096)
require.NoError(t, err, "failed to generate key")
for _, arg := range args { for _, arg := range args {
t.Run(arg.testName, func(t *testing.T) { t.Run(arg.testName, func(t *testing.T) {
// No parallel execution because we change globals // No parallel execution because we change globals
@ -439,11 +442,13 @@ func TestCAManager_SignCertificate_WithExpiredCert(t *testing.T) {
conf.ConnectEnabled = true conf.ConnectEnabled = true
conf.PrimaryDatacenter = "dc1" conf.PrimaryDatacenter = "dc1"
conf.Datacenter = "dc2" conf.Datacenter = "dc2"
rootPEM := generateCertPEM(t, caPrivKey, arg.notBeforeRoot, arg.notAfterRoot)
intermediatePEM := generateCertPEM(t, caPrivKey, arg.notBeforeIntermediate, arg.notAfterIntermediate)
delegate := NewMockCAServerDelegate(t, conf) delegate := NewMockCAServerDelegate(t, conf)
manager := NewCAManager(delegate, nil, testutil.Logger(t), conf) manager := NewCAManager(delegate, nil, testutil.Logger(t), conf)
rootPEM := generateCertPEM(t, arg.notBeforeRoot, arg.notAfterRoot)
intermediatePEM := generateCertPEM(t, arg.notBeforeIntermediate, arg.notAfterIntermediate)
manager.providerShim = &mockCAProvider{ manager.providerShim = &mockCAProvider{
callbackCh: delegate.callbackCh, callbackCh: delegate.callbackCh,
rootPEM: rootPEM, rootPEM: rootPEM,
@ -471,7 +476,7 @@ func TestCAManager_SignCertificate_WithExpiredCert(t *testing.T) {
} }
} }
func generateCertPEM(t *testing.T, notBefore time.Time, notAfter time.Time) string { func generateCertPEM(t *testing.T, caPrivKey *rsa.PrivateKey, notBefore time.Time, notAfter time.Time) string {
t.Helper() t.Helper()
ca := &x509.Certificate{ ca := &x509.Certificate{
SerialNumber: big.NewInt(2019), SerialNumber: big.NewInt(2019),
@ -490,8 +495,6 @@ func generateCertPEM(t *testing.T, notBefore time.Time, notAfter time.Time) stri
KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
BasicConstraintsValid: true, BasicConstraintsValid: true,
} }
caPrivKey, err := rsa.GenerateKey(rand.Reader, 4096)
require.NoError(t, err, "failed to generate key")
caBytes, err := x509.CreateCertificate(rand.Reader, ca, ca, &caPrivKey.PublicKey, caPrivKey) caBytes, err := x509.CreateCertificate(rand.Reader, ca, ca, &caPrivKey.PublicKey, caPrivKey)
require.NoError(t, err, "failed to create cert") require.NoError(t, err, "failed to create cert")