status-im
/
consul
mirror of https://github.com/status-im/consul.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

tlsutil: fix a test for go1.16 

Using a TestSigner was causing problems because go1.16 has this change:

> CreateCertificate now verifies the generated certificate's signature
> using the signer's public key. If the signature is invalid, an error is
> returned, instead of a malformed certificate.

See https://golang.org/doc/go1.16#crypto/x509
This commit is contained in:
Daniel Nephin 2021-04-13 13:31:20 -04:00
parent 3e20bd25bd
commit bbb9a73d9b
1 changed files with 40 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
tlsutil/generate_test.go
View File

@ -62,20 +62,22 @@ func (s *TestSigner) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts)
}
func TestGenerateCA(t *testing.T) {
t.Parallel()
t.Run("no signer", func(t *testing.T) {
ca, pk, err := GenerateCA(CAOpts{Signer: &TestSigner{}})
require.Error(t, err)
require.Empty(t, ca)
require.Empty(t, pk)
})
// test what happens with wrong key
ca, pk, err = GenerateCA(CAOpts{Signer: &TestSigner{public: &rsa.PublicKey{}}})
t.Run("wrong key", func(t *testing.T) {
ca, pk, err := GenerateCA(CAOpts{Signer: &TestSigner{public: &rsa.PublicKey{}}})
require.Error(t, err)
require.Empty(t, ca)
require.Empty(t, pk)
})
// test what happens with correct key
ca, pk, err = GenerateCA(CAOpts{})
t.Run("valid key", func(t *testing.T) {
ca, pk, err := GenerateCA(CAOpts{})
require.Nil(t, err)
require.NotEmpty(t, ca)
require.NotEmpty(t, pk)
@ -90,15 +92,15 @@ func TestGenerateCA(t *testing.T) {
require.WithinDuration(t, cert.NotAfter, time.Now().AddDate(0, 0, 365), time.Minute)
require.Equal(t, x509.KeyUsageCertSign|x509.KeyUsageCRLSign|x509.KeyUsageDigitalSignature, cert.KeyUsage)
})
// Test what happens with a correct RSA Key
s, err := rsa.GenerateKey(rand.Reader, 2048)
require.Nil(t, err)
ca, _, err = GenerateCA(CAOpts{Signer: &TestSigner{public: s.Public()}})
t.Run("RSA key", func(t *testing.T) {
ca, pk, err := GenerateCA(CAOpts{})
require.NoError(t, err)
require.NotEmpty(t, ca)
require.NotEmpty(t, pk)
cert, err = parseCert(ca)
cert, err := parseCert(ca)
require.NoError(t, err)
require.True(t, strings.HasPrefix(cert.Subject.CommonName, "Consul Agent CA"))
require.Equal(t, true, cert.IsCA)
@ -108,6 +110,7 @@ func TestGenerateCA(t *testing.T) {
require.WithinDuration(t, cert.NotAfter, time.Now().AddDate(0, 0, 365), time.Minute)
require.Equal(t, x509.KeyUsageCertSign|x509.KeyUsageCRLSign|x509.KeyUsageDigitalSignature, cert.KeyUsage)
})
}
func TestGenerateCert(t *testing.T) {