From 63c3716b5b3b76f742e551f3532d4d0316b48220 Mon Sep 17 00:00:00 2001 From: Jan Dittberner Date: Sun, 24 Apr 2022 08:03:51 +0200 Subject: [PATCH] Move x509 and openpgp into pkg small refactoring to unify package structure. Use crypto.rand for serial number generation in tests. --- .../openpgp}/signing/repository.go | 0 {openpgp => pkg/openpgp}/signing/signing.go | 0 {x509 => pkg/x509}/openssl/repository.go | 2 +- {x509 => pkg/x509}/openssl/repository_test.go | 4 ++-- {x509 => pkg/x509}/revoking/repository.go | 0 {x509 => pkg/x509}/revoking/revoking.go | 0 {x509 => pkg/x509}/revoking/revoking_test.go | 12 +++++++++-- {x509 => pkg/x509}/signing/repository.go | 0 {x509 => pkg/x509}/signing/signer.go | 0 {x509 => pkg/x509}/signing/signing.go | 0 {x509 => pkg/x509}/signing/signing_test.go | 21 ++++++++++++------- 11 files changed, 27 insertions(+), 12 deletions(-) rename {openpgp => pkg/openpgp}/signing/repository.go (100%) rename {openpgp => pkg/openpgp}/signing/signing.go (100%) rename {x509 => pkg/x509}/openssl/repository.go (99%) rename {x509 => pkg/x509}/openssl/repository_test.go (95%) rename {x509 => pkg/x509}/revoking/repository.go (100%) rename {x509 => pkg/x509}/revoking/revoking.go (100%) rename {x509 => pkg/x509}/revoking/revoking_test.go (86%) rename {x509 => pkg/x509}/signing/repository.go (100%) rename {x509 => pkg/x509}/signing/signer.go (100%) rename {x509 => pkg/x509}/signing/signing.go (100%) rename {x509 => pkg/x509}/signing/signing_test.go (86%) diff --git a/openpgp/signing/repository.go b/pkg/openpgp/signing/repository.go similarity index 100% rename from openpgp/signing/repository.go rename to pkg/openpgp/signing/repository.go diff --git a/openpgp/signing/signing.go b/pkg/openpgp/signing/signing.go similarity index 100% rename from openpgp/signing/signing.go rename to pkg/openpgp/signing/signing.go 
diff --git a/x509/openssl/repository.go b/pkg/x509/openssl/repository.go
similarity index 99%
rename from x509/openssl/repository.go
rename to pkg/x509/openssl/repository.go
index 85a1273..d3b31ca 100644
--- a/x509/openssl/repository.go
+++ b/pkg/x509/openssl/repository.go
@@ -14,7 +14,7 @@ import (
 "sync"
 "time"
 
- "git.cacert.org/cacert-gosigner/x509/revoking"
+ "git.cacert.org/cacert-gosigner/pkg/x509/revoking"
 )
 
 const TimeSpec = "060102030405Z"
diff --git a/x509/openssl/repository_test.go b/pkg/x509/openssl/repository_test.go
similarity index 95%
rename from x509/openssl/repository_test.go
rename to pkg/x509/openssl/repository_test.go
index c8269e4..cf6c7ba 100644
--- a/x509/openssl/repository_test.go
+++ b/pkg/x509/openssl/repository_test.go
@@ -11,8 +11,8 @@ import (
 "testing"
 "time"
 
- "git.cacert.org/cacert-gosigner/x509/openssl"
- "git.cacert.org/cacert-gosigner/x509/revoking"
+ "git.cacert.org/cacert-gosigner/pkg/x509/openssl"
+ "git.cacert.org/cacert-gosigner/pkg/x509/revoking"
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
 )
diff --git a/x509/revoking/repository.go b/pkg/x509/revoking/repository.go
similarity index 100%
rename from x509/revoking/repository.go
rename to pkg/x509/revoking/repository.go
diff --git a/x509/revoking/revoking.go b/pkg/x509/revoking/revoking.go
similarity index 100%
rename from x509/revoking/revoking.go
rename to pkg/x509/revoking/revoking.go
diff --git a/x509/revoking/revoking_test.go b/pkg/x509/revoking/revoking_test.go
similarity index 86%
rename from x509/revoking/revoking_test.go
rename to pkg/x509/revoking/revoking_test.go
index 4937239..df3eba3 100644
--- a/x509/revoking/revoking_test.go
+++ b/pkg/x509/revoking/revoking_test.go
@@ -6,7 +6,6 @@ import (
 "crypto/x509"
 "crypto/x509/pkix"
 "math/big"
- rand2 "math/rand"
 "testing"
 "time"
 
@@ -35,6 +34,15 @@ func (t *testRepo) StoreRevocation(revoked *pkix.RevokedCertificate) error {
 return nil
 }
 
+func randomSerial(t *testing.T) *big.Int {
+ t.Helper()
+ serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
+ if err != nil {
+ t.Fatalf("could not generate random serial number: %v", err)
+ }
+ return serial
+}
+
 func TestRevoking(t *testing.T) {
 testRepository := testRepo{revoked: make([]big.Int, 0)}
 
@@ -42,7 +50,7 @@ func TestRevoking(t *testing.T) {
 if err != nil {
 t.Fatalf("could not generate key pair: %v", err)
 }
- caTemplate := &x509.Certificate{Subject: pkix.Name{CommonName: "Test CA"}, SerialNumber: big.NewInt(rand2.Int63())}
+ caTemplate := &x509.Certificate{Subject: pkix.Name{CommonName: "Test CA"}, SerialNumber: randomSerial(t)}
 
 certificateBytes, err := x509.CreateCertificate(rand.Reader, caTemplate, caTemplate, caKey.Public(), caKey)
 if err != nil {
diff --git a/x509/signing/repository.go b/pkg/x509/signing/repository.go
similarity index 100%
rename from x509/signing/repository.go
rename to pkg/x509/signing/repository.go
diff --git a/x509/signing/signer.go b/pkg/x509/signing/signer.go
similarity index 100%
rename from x509/signing/signer.go
rename to pkg/x509/signing/signer.go
diff --git a/x509/signing/signing.go b/pkg/x509/signing/signing.go
similarity index 100%
rename from x509/signing/signing.go
rename to pkg/x509/signing/signing.go
diff --git a/x509/signing/signing_test.go b/pkg/x509/signing/signing_test.go
similarity index 86%
rename from x509/signing/signing_test.go
rename to pkg/x509/signing/signing_test.go
index 394a8d7..c5f622e 100644
--- a/x509/signing/signing_test.go
+++ b/pkg/x509/signing/signing_test.go
@@ -7,11 +7,10 @@ import (
 "crypto/x509"
 "crypto/x509/pkix"
 "math/big"
- rand2 "math/rand"
 "testing"
 "time"
 
- "git.cacert.org/cacert-gosigner/x509/signing"
+ "git.cacert.org/cacert-gosigner/pkg/x509/signing"
 "github.com/stretchr/testify/assert"
 )
 
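Review bot: randomSerial has no doc comment and nothing says why the bound is `Lsh(big.NewInt(1), 128)`; a line such as `// randomSerial returns a random certificate serial below 2^128, well inside the 20-octet limit of RFC 5280 §4.1.2.2, or fails the test.` above the func would cover it. rand.Int draws from [0, 2^128), so a zero serial, which RFC 5280 forbids, is possible in principle; the odds are negligible, but `serial.Add(serial, big.NewInt(1))` before the return removes the case for free. The same helper is added verbatim to pkg/x509/signing/signing_test.go in the `@@ -33,11 +33,20 @@` hunk, so a small shared test-helper package would keep a single copy.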
@@ -25,6 +24,7 @@ func (r *testRepo) StoreCertificate(certificate *x509.Certificate) error {
 }
 
 type testSigner struct {
+ t *testing.T
 key crypto.PrivateKey
 certificate *x509.Certificate
 }
@@ -33,11 +33,20 @@ func newTestSignerResponse(certificate *x509.Certificate) *signing.SignerRespons
 return &signing.SignerResponse{Certificate: certificate}
 }
 
+func randomSerial(t *testing.T) *big.Int {
+ t.Helper()
+ serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
+ if err != nil {
+ t.Fatalf("could not generate random serial number: %v", err)
+ }
+ return serial
+}
+
 func (s *testSigner) SignCertificate(request *signing.SignerRequest) (*signing.SignerResponse, error) {
 startDate := time.Now().Add(-1 * time.Minute)
 template := &x509.Certificate{
 Subject: request.SubjectDN,
- SerialNumber: big.NewInt(rand2.Int63()),
+ SerialNumber: randomSerial(s.t),
 EmailAddresses: request.Emails,
 NotBefore: startDate,
 NotAfter: startDate.Add(request.Duration),
@@ -60,8 +69,6 @@ func (s *testSigner) SignCertificate(request *signing.SignerRequest) (*signing.S
 }
 
 func TestSigning(t *testing.T) {
- rand2.Seed(time.Now().UnixMilli())
-
 testRepository := testRepo{certs: make(map[string]x509.Certificate)}
 testSigner := newTestSigner(t)
 s := signing.NewX509Signing(testSigner, &testRepository)
@@ -95,7 +102,7 @@ func newTestSigner(t *testing.T) *testSigner {
 if err != nil {
 t.Fatalf("could not generate key pair: %v", err)
 }
- caTemplate := &x509.Certificate{Subject: pkix.Name{CommonName: "Test CA"}, SerialNumber: big.NewInt(rand2.Int63())}
+ caTemplate := &x509.Certificate{Subject: pkix.Name{CommonName: "Test CA"}, SerialNumber: randomSerial(t)}
 
 certificateBytes, err := x509.CreateCertificate(rand.Reader, caTemplate, caTemplate, caKey.Public(), caKey)
 if err != nil {
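Review bot: Storing `t *testing.T` in testSigner (this hunk, filled in at `@@ -105,5 +112,5 @@`) exists only so SignCertificate can abort the test through randomSerial(s.t) in the `@@ -33,11 +33,20 @@` hunk, but t.FailNow is only valid on the goroutine that runs the test, and whether signing.NewX509Signing invokes the signer synchronously is not visible in this patch. SignCertificate already returns an error, so a rand.Int failure can be reported through that path and the field dropped, which keeps the test double a plain value; with the field gone, the `t: t` in newTestSigner goes too. The body of SignCertificate continues outside the hunk.
```go
func (s *testSigner) SignCertificate(request *signing.SignerRequest) (*signing.SignerResponse, error) {
	// Serial numbers come from crypto/rand; a failure is returned like any
	// other signer error instead of failing the test from inside the double.
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, err
	}
	startDate := time.Now().Add(-1 * time.Minute)
	template := &x509.Certificate{
		Subject:      request.SubjectDN,
		SerialNumber: serial,
		// … unchanged: remaining template fields …
```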
@@ -105,5 +112,5 @@ func newTestSigner(t *testing.T) *testSigner {
 if err != nil {
 t.Fatalf("could not create test CA certificate: %v", err)
 }
- return &testSigner{key: caKey, certificate: caCertificate}
+ return &testSigner{key: caKey, certificate: caCertificate, t: t}
 }