Move x509 and openpgp into pkg

small refactoring to unify package structure. Use crypto.rand for serial
number generation in tests.
This commit is contained in:
Jan Dittberner 2022-04-24 08:03:51 +02:00
parent 20580cda52
commit 63c3716b5b
11 changed files with 27 additions and 12 deletions

View file

@ -14,7 +14,7 @@ import (
"sync"
"time"
"git.cacert.org/cacert-gosigner/x509/revoking"
"git.cacert.org/cacert-gosigner/pkg/x509/revoking"
)
const TimeSpec = "060102030405Z"

View file

@ -11,8 +11,8 @@ import (
"testing"
"time"
"git.cacert.org/cacert-gosigner/x509/openssl"
"git.cacert.org/cacert-gosigner/x509/revoking"
"git.cacert.org/cacert-gosigner/pkg/x509/openssl"
"git.cacert.org/cacert-gosigner/pkg/x509/revoking"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)

View file

@ -6,7 +6,6 @@ import (
"crypto/x509"
"crypto/x509/pkix"
"math/big"
rand2 "math/rand"
"testing"
"time"
@ -35,6 +34,15 @@ func (t *testRepo) StoreRevocation(revoked *pkix.RevokedCertificate) error {
return nil
}
func randomSerial(t *testing.T) *big.Int {
t.Helper()
serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
if err != nil {
t.Fatalf("could not generate random serial number: %v", err)
}
return serial
}
func TestRevoking(t *testing.T) {
testRepository := testRepo{revoked: make([]big.Int, 0)}
@ -42,7 +50,7 @@ func TestRevoking(t *testing.T) {
if err != nil {
t.Fatalf("could not generate key pair: %v", err)
}
caTemplate := &x509.Certificate{Subject: pkix.Name{CommonName: "Test CA"}, SerialNumber: big.NewInt(rand2.Int63())}
caTemplate := &x509.Certificate{Subject: pkix.Name{CommonName: "Test CA"}, SerialNumber: randomSerial(t)}
certificateBytes, err := x509.CreateCertificate(rand.Reader, caTemplate, caTemplate, caKey.Public(), caKey)
if err != nil {

View file

@ -7,11 +7,10 @@ import (
"crypto/x509"
"crypto/x509/pkix"
"math/big"
rand2 "math/rand"
"testing"
"time"
"git.cacert.org/cacert-gosigner/x509/signing"
"git.cacert.org/cacert-gosigner/pkg/x509/signing"
"github.com/stretchr/testify/assert"
)
@ -25,6 +24,7 @@ func (r *testRepo) StoreCertificate(certificate *x509.Certificate) error {
}
type testSigner struct {
t *testing.T
key crypto.PrivateKey
certificate *x509.Certificate
}
@ -33,11 +33,20 @@ func newTestSignerResponse(certificate *x509.Certificate) *signing.SignerRespons
return &signing.SignerResponse{Certificate: certificate}
}
func randomSerial(t *testing.T) *big.Int {
t.Helper()
serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
if err != nil {
t.Fatalf("could not generate random serial number: %v", err)
}
return serial
}
func (s *testSigner) SignCertificate(request *signing.SignerRequest) (*signing.SignerResponse, error) {
startDate := time.Now().Add(-1 * time.Minute)
template := &x509.Certificate{
Subject: request.SubjectDN,
SerialNumber: big.NewInt(rand2.Int63()),
SerialNumber: randomSerial(s.t),
EmailAddresses: request.Emails,
NotBefore: startDate,
NotAfter: startDate.Add(request.Duration),
@ -60,8 +69,6 @@ func (s *testSigner) SignCertificate(request *signing.SignerRequest) (*signing.S
}
func TestSigning(t *testing.T) {
rand2.Seed(time.Now().UnixMilli())
testRepository := testRepo{certs: make(map[string]x509.Certificate)}
testSigner := newTestSigner(t)
s := signing.NewX509Signing(testSigner, &testRepository)
@ -95,7 +102,7 @@ func newTestSigner(t *testing.T) *testSigner {
if err != nil {
t.Fatalf("could not generate key pair: %v", err)
}
caTemplate := &x509.Certificate{Subject: pkix.Name{CommonName: "Test CA"}, SerialNumber: big.NewInt(rand2.Int63())}
caTemplate := &x509.Certificate{Subject: pkix.Name{CommonName: "Test CA"}, SerialNumber: randomSerial(t)}
certificateBytes, err := x509.CreateCertificate(rand.Reader, caTemplate, caTemplate, caKey.Public(), caKey)
if err != nil {
@ -105,5 +112,5 @@ func newTestSigner(t *testing.T) *testSigner {
if err != nil {
t.Fatalf("could not create test CA certificate: %v", err)
}
return &testSigner{key: caKey, certificate: caCertificate}
return &testSigner{key: caKey, certificate: caCertificate, t: t}
}