Move x509 and openpgp into pkg

Small refactoring to unify the package structure. Use crypto/rand for serial
number generation in tests.
Jan Dittberner 2022-04-24 08:03:51 +02:00
parent 20580cda52
commit 63c3716b5b
11 changed files with 27 additions and 12 deletions


@ -14,7 +14,7 @@ import (
"sync" "sync"
"time" "time"
"git.cacert.org/cacert-gosigner/x509/revoking" "git.cacert.org/cacert-gosigner/pkg/x509/revoking"
) )
const TimeSpec = "060102030405Z" const TimeSpec = "060102030405Z"


@ -11,8 +11,8 @@ import (
"testing" "testing"
"time" "time"
"git.cacert.org/cacert-gosigner/x509/openssl" "git.cacert.org/cacert-gosigner/pkg/x509/openssl"
"git.cacert.org/cacert-gosigner/x509/revoking" "git.cacert.org/cacert-gosigner/pkg/x509/revoking"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
) )


@ -6,7 +6,6 @@ import (
"crypto/x509" "crypto/x509"
"crypto/x509/pkix" "crypto/x509/pkix"
"math/big" "math/big"
rand2 "math/rand"
"testing" "testing"
"time" "time"
@ -35,6 +34,15 @@ func (t *testRepo) StoreRevocation(revoked *pkix.RevokedCertificate) error {
return nil return nil
} }
func randomSerial(t *testing.T) *big.Int {
t.Helper()
serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
if err != nil {
t.Fatalf("could not generate random serial number: %v", err)
}
return serial
}
func TestRevoking(t *testing.T) { func TestRevoking(t *testing.T) {
testRepository := testRepo{revoked: make([]big.Int, 0)} testRepository := testRepo{revoked: make([]big.Int, 0)}
@ -42,7 +50,7 @@ func TestRevoking(t *testing.T) {
if err != nil { if err != nil {
t.Fatalf("could not generate key pair: %v", err) t.Fatalf("could not generate key pair: %v", err)
} }
caTemplate := &x509.Certificate{Subject: pkix.Name{CommonName: "Test CA"}, SerialNumber: big.NewInt(rand2.Int63())} caTemplate := &x509.Certificate{Subject: pkix.Name{CommonName: "Test CA"}, SerialNumber: randomSerial(t)}
certificateBytes, err := x509.CreateCertificate(rand.Reader, caTemplate, caTemplate, caKey.Public(), caKey) certificateBytes, err := x509.CreateCertificate(rand.Reader, caTemplate, caTemplate, caKey.Public(), caKey)
if err != nil { if err != nil {
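Review bot: The `randomSerial` helper added in the `@ -35,6 +34,15` hunk is an exact copy of the one added to the signing test in the next file section; a test-only helper this small is better kept in one shared place (an internal test-support package) so the two copies cannot drift apart. Its doc comment is also missing; something like `// randomSerial returns a uniformly random certificate serial below 2^128 and fails the test if the system entropy source errors.` would make its contract explicit. One minor point: `rand.Int` with a bound of `1<<128` can in principle yield 0, which RFC 5280 forbids as a serial number — practically unreachable, but a bound of `1<<127` added to a fixed high bit, or a retry on zero, would make the helper strictly conformant.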


@ -7,11 +7,10 @@ import (
"crypto/x509" "crypto/x509"
"crypto/x509/pkix" "crypto/x509/pkix"
"math/big" "math/big"
rand2 "math/rand"
"testing" "testing"
"time" "time"
"git.cacert.org/cacert-gosigner/x509/signing" "git.cacert.org/cacert-gosigner/pkg/x509/signing"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
) )
@ -25,6 +24,7 @@ func (r *testRepo) StoreCertificate(certificate *x509.Certificate) error {
} }
type testSigner struct { type testSigner struct {
t *testing.T
key crypto.PrivateKey key crypto.PrivateKey
certificate *x509.Certificate certificate *x509.Certificate
} }
@ -33,11 +33,20 @@ func newTestSignerResponse(certificate *x509.Certificate) *signing.SignerRespons
return &signing.SignerResponse{Certificate: certificate} return &signing.SignerResponse{Certificate: certificate}
} }
func randomSerial(t *testing.T) *big.Int {
t.Helper()
serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
if err != nil {
t.Fatalf("could not generate random serial number: %v", err)
}
return serial
}
func (s *testSigner) SignCertificate(request *signing.SignerRequest) (*signing.SignerResponse, error) { func (s *testSigner) SignCertificate(request *signing.SignerRequest) (*signing.SignerResponse, error) {
startDate := time.Now().Add(-1 * time.Minute) startDate := time.Now().Add(-1 * time.Minute)
template := &x509.Certificate{ template := &x509.Certificate{
Subject: request.SubjectDN, Subject: request.SubjectDN,
SerialNumber: big.NewInt(rand2.Int63()), SerialNumber: randomSerial(s.t),
EmailAddresses: request.Emails, EmailAddresses: request.Emails,
NotBefore: startDate, NotBefore: startDate,
NotAfter: startDate.Add(request.Duration), NotAfter: startDate.Add(request.Duration),
@ -60,8 +69,6 @@ func (s *testSigner) SignCertificate(request *signing.SignerRequest) (*signing.S
} }
func TestSigning(t *testing.T) { func TestSigning(t *testing.T) {
rand2.Seed(time.Now().UnixMilli())
testRepository := testRepo{certs: make(map[string]x509.Certificate)} testRepository := testRepo{certs: make(map[string]x509.Certificate)}
testSigner := newTestSigner(t) testSigner := newTestSigner(t)
s := signing.NewX509Signing(testSigner, &testRepository) s := signing.NewX509Signing(testSigner, &testRepository)
@ -95,7 +102,7 @@ func newTestSigner(t *testing.T) *testSigner {
if err != nil { if err != nil {
t.Fatalf("could not generate key pair: %v", err) t.Fatalf("could not generate key pair: %v", err)
} }
caTemplate := &x509.Certificate{Subject: pkix.Name{CommonName: "Test CA"}, SerialNumber: big.NewInt(rand2.Int63())} caTemplate := &x509.Certificate{Subject: pkix.Name{CommonName: "Test CA"}, SerialNumber: randomSerial(t)}
certificateBytes, err := x509.CreateCertificate(rand.Reader, caTemplate, caTemplate, caKey.Public(), caKey) certificateBytes, err := x509.CreateCertificate(rand.Reader, caTemplate, caTemplate, caKey.Public(), caKey)
if err != nil { if err != nil {
@ -105,5 +112,5 @@ func newTestSigner(t *testing.T) *testSigner {
if err != nil { if err != nil {
t.Fatalf("could not create test CA certificate: %v", err) t.Fatalf("could not create test CA certificate: %v", err)
} }
return &testSigner{key: caKey, certificate: caCertificate} return &testSigner{key: caKey, certificate: caCertificate, t: t}
} }
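Review bot: In the `@ -33,11 +33,20` hunk, `SignCertificate` already returns an `error`, so routing a serial-generation failure through the new `t *testing.T` field and `t.Fatalf` is unnecessary and slightly risky: `t.Fatalf` must run on the test goroutine, and whether `signing.NewX509Signing` calls the signer on that goroutine is not visible here. Returning the error lets the test see it through the normal path and removes the `t` field and the changed `newTestSigner` return at the end of the section. The body of `SignCertificate` continues past the end of the hunk, so only its opening lines are shown below; the `randomSerial` helper remains useful for the CA template in `newTestSigner`.

```go
func (s *testSigner) SignCertificate(request *signing.SignerRequest) (*signing.SignerResponse, error) {
	startDate := time.Now().Add(-1 * time.Minute)
	// Generate the serial here rather than via t.Fatalf: this method is called by
	// the code under test, which may not be on the test goroutine.
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, err
	}
	template := &x509.Certificate{
		Subject:      request.SubjectDN,
		SerialNumber: serial,
		// … unchanged: remaining template fields and signing …
```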