jandd
/
cacert-gosigner
1
0
Fork 0
Code Issues Pull Requests Projects Releases Activity

Move x509 and openpgp into pkg

Browse Source 
small refactoring to unify package structure. Use crypto.rand for serial
number generation in tests.
main
Jan Dittberner 2 years ago
parent 20580cda52
commit 63c3716b5b
11 changed files with 27 additions and 12 deletions
Show Stats Download Patch File Download Diff File

0
openpgp/signing/repository.go → pkg/openpgp/signing/repository.go
Unescape Escape View File

0
openpgp/signing/signing.go → pkg/openpgp/signing/signing.go
Unescape Escape View File

2
x509/openssl/repository.go → pkg/x509/openssl/repository.go
Unescape Escape View File

@ -14,7 +14,7 @@ import (
"sync" "sync"
"time" "time"
"git.cacert.org/cacert-gosigner/x509/revoking" "git.cacert.org/cacert-gosigner/pkg/x509/revoking"
) )
const TimeSpec = "060102030405Z" const TimeSpec = "060102030405Z"

4
x509/openssl/repository_test.go → pkg/x509/openssl/repository_test.go
Unescape Escape View File

@ -11,8 +11,8 @@ import (
"testing" "testing"
"time" "time"
"git.cacert.org/cacert-gosigner/x509/openssl" "git.cacert.org/cacert-gosigner/pkg/x509/openssl"
"git.cacert.org/cacert-gosigner/x509/revoking" "git.cacert.org/cacert-gosigner/pkg/x509/revoking"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
) )

0
x509/revoking/repository.go → pkg/x509/revoking/repository.go
Unescape Escape View File

0
x509/revoking/revoking.go → pkg/x509/revoking/revoking.go
Unescape Escape View File

12
x509/revoking/revoking_test.go → pkg/x509/revoking/revoking_test.go
Unescape Escape View File

@ -6,7 +6,6 @@ import (
"crypto/x509" "crypto/x509"
"crypto/x509/pkix" "crypto/x509/pkix"
"math/big" "math/big"
rand2 "math/rand"
"testing" "testing"
"time" "time"
@ -35,6 +34,15 @@ func (t *testRepo) StoreRevocation(revoked *pkix.RevokedCertificate) error {
return nil return nil
} }
func randomSerial(t *testing.T) *big.Int {
t.Helper()
serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
if err != nil {
t.Fatalf("could not generate random serial number: %v", err)
}
return serial
}
func TestRevoking(t *testing.T) { func TestRevoking(t *testing.T) {
testRepository := testRepo{revoked: make([]big.Int, 0)} testRepository := testRepo{revoked: make([]big.Int, 0)}
@ -42,7 +50,7 @@ func TestRevoking(t *testing.T) {
if err != nil { if err != nil {
t.Fatalf("could not generate key pair: %v", err) t.Fatalf("could not generate key pair: %v", err)
} }
caTemplate := &x509.Certificate{Subject: pkix.Name{CommonName: "Test CA"}, SerialNumber: big.NewInt(rand2.Int63())} caTemplate := &x509.Certificate{Subject: pkix.Name{CommonName: "Test CA"}, SerialNumber: randomSerial(t)}
certificateBytes, err := x509.CreateCertificate(rand.Reader, caTemplate, caTemplate, caKey.Public(), caKey) certificateBytes, err := x509.CreateCertificate(rand.Reader, caTemplate, caTemplate, caKey.Public(), caKey)
if err != nil { if err != nil {

0
x509/signing/repository.go → pkg/x509/signing/repository.go
Unescape Escape View File

0
x509/signing/signer.go → pkg/x509/signing/signer.go
Unescape Escape View File

0
x509/signing/signing.go → pkg/x509/signing/signing.go
Unescape Escape View File

21
x509/signing/signing_test.go → pkg/x509/signing/signing_test.go
Unescape Escape View File

@ -7,11 +7,10 @@ import (
"crypto/x509" "crypto/x509"
"crypto/x509/pkix" "crypto/x509/pkix"
"math/big" "math/big"
rand2 "math/rand"
"testing" "testing"
"time" "time"
"git.cacert.org/cacert-gosigner/x509/signing" "git.cacert.org/cacert-gosigner/pkg/x509/signing"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
) )
@ -25,6 +24,7 @@ func (r *testRepo) StoreCertificate(certificate *x509.Certificate) error {
} }
type testSigner struct { type testSigner struct {
t *testing.T
key crypto.PrivateKey key crypto.PrivateKey
certificate *x509.Certificate certificate *x509.Certificate
} }
@ -33,11 +33,20 @@ func newTestSignerResponse(certificate *x509.Certificate) *signing.SignerRespons
return &signing.SignerResponse{Certificate: certificate} return &signing.SignerResponse{Certificate: certificate}
} }
func randomSerial(t *testing.T) *big.Int {
t.Helper()
serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
if err != nil {
t.Fatalf("could not generate random serial number: %v", err)
}
return serial
}
func (s *testSigner) SignCertificate(request *signing.SignerRequest) (*signing.SignerResponse, error) { func (s *testSigner) SignCertificate(request *signing.SignerRequest) (*signing.SignerResponse, error) {
startDate := time.Now().Add(-1 * time.Minute) startDate := time.Now().Add(-1 * time.Minute)
template := &x509.Certificate{ template := &x509.Certificate{
Subject: request.SubjectDN, Subject: request.SubjectDN,
SerialNumber: big.NewInt(rand2.Int63()), SerialNumber: randomSerial(s.t),
EmailAddresses: request.Emails, EmailAddresses: request.Emails,
NotBefore: startDate, NotBefore: startDate,
NotAfter: startDate.Add(request.Duration), NotAfter: startDate.Add(request.Duration),
@ -60,8 +69,6 @@ func (s *testSigner) SignCertificate(request *signing.SignerRequest) (*signing.S
} }
func TestSigning(t *testing.T) { func TestSigning(t *testing.T) {
rand2.Seed(time.Now().UnixMilli())
testRepository := testRepo{certs: make(map[string]x509.Certificate)} testRepository := testRepo{certs: make(map[string]x509.Certificate)}
testSigner := newTestSigner(t) testSigner := newTestSigner(t)
s := signing.NewX509Signing(testSigner, &testRepository) s := signing.NewX509Signing(testSigner, &testRepository)
@ -95,7 +102,7 @@ func newTestSigner(t *testing.T) *testSigner {
if err != nil { if err != nil {
t.Fatalf("could not generate key pair: %v", err) t.Fatalf("could not generate key pair: %v", err)
} }
caTemplate := &x509.Certificate{Subject: pkix.Name{CommonName: "Test CA"}, SerialNumber: big.NewInt(rand2.Int63())} caTemplate := &x509.Certificate{Subject: pkix.Name{CommonName: "Test CA"}, SerialNumber: randomSerial(t)}
certificateBytes, err := x509.CreateCertificate(rand.Reader, caTemplate, caTemplate, caKey.Public(), caKey) certificateBytes, err := x509.CreateCertificate(rand.Reader, caTemplate, caTemplate, caKey.Public(), caKey)
if err != nil { if err != nil {
@ -105,5 +112,5 @@ func newTestSigner(t *testing.T) *testSigner {
if err != nil { if err != nil {
t.Fatalf("could not create test CA certificate: %v", err) t.Fatalf("could not create test CA certificate: %v", err)
} }
return &testSigner{key: caKey, certificate: caCertificate} return &testSigner{key: caKey, certificate: caCertificate, t: t}
} }
Write Preview
Loading…
Cancel
Save