Change file handling behaviour (#6)

This PR will prevent certify to override existing private key and certificate file * add test to test parse rsa key * make sure ertify not override any file
nothinux · Dec 29, 2022 · 36526d3 · 36526d3
1 parent 9601aad
commit 36526d3
Show file tree

Hide file tree

Showing 5 changed files with 46 additions and 16 deletions.
diff --git a/certify b/certify
diff --git a/cmd/certify/command_test.go b/cmd/certify/command_test.go
@@ -229,6 +229,8 @@ func TestCreateCertificate(t *testing.T) {
 				t.Fatalf("got %v, want open ca-key.pem: no such file or directory", err.Error())
 			}
 		}
+
+		os.Remove("nothinux.local-key.pem")
 	})
 
 	t.Run("Test create certificate", func(t *testing.T) {

diff --git a/cmd/certify/helper.go b/cmd/certify/helper.go
@@ -414,6 +414,10 @@ func parseExpiry(expiry string) time.Time {
 
 // store write content to given path and returns an error
 func store(c, path string) error {
+	if isExist(path) {
+		return errors.New(fmt.Sprintf("file %s already exists", path))
+	}
+
 	return os.WriteFile(path, []byte(c), 0640)
 }
 

diff --git a/cmd/certify/helper_test.go b/cmd/certify/helper_test.go
@@ -20,12 +20,12 @@ func TestGeneratePrivateKeyAndCA(t *testing.T) {
 	}
 
 	t.Run("Test create certificate", func(t *testing.T) {
-		pkey, err := generatePrivateKey("/tmp/pkey.pem")
+		cpkey, err := generatePrivateKey("/tmp/pkey.pem")
 		if err != nil {
 			t.Fatal(err)
 		}
 
-		if err := generateCert(pkey.PrivateKey, []string{"127.0.0.1", "local.dev", "cn:server", "expiry:1d", "eku:serverauth"}); err != nil {
+		if err := generateCert(cpkey.PrivateKey, []string{"127.0.0.1", "local.dev", "cn:server", "expiry:1d", "eku:serverauth"}); err != nil {
 			t.Fatal(err)
 		}
 	})
@@ -39,6 +39,12 @@ func TestGeneratePrivateKeyAndCA(t *testing.T) {
 		if err := generateIntermediateCert(ikey.PrivateKey, []string{"cn:nothinux", "expiry:100d"}); err != nil {
 			t.Fatal(err)
 		}
+
+		t.Cleanup(func() {
+			cleanupfiles([]string{
+				caInterPath, caInterKeyPath,
+			})
+		})
 	})
 
 	t.Run("Test create intermediate certificate and certificate", func(t *testing.T) {
@@ -69,17 +75,18 @@ func TestGeneratePrivateKeyAndCA(t *testing.T) {
 	})
 
 	t.Cleanup(func() {
-		os.Remove(caPath)
-		os.Remove(caKeyPath)
-		os.Remove(caInterPath)
-		os.Remove(caInterKeyPath)
-		os.Remove("local.dev.pem")
-		os.Remove("/tmp/pkey.pem")
-		os.Remove("local-2.dev.pem")
-		os.Remove("/tmp/pkey-2.pem")
+		cleanupfiles([]string{
+			caPath, caKeyPath, caInterPath, caInterKeyPath, caKeyPath, "local.dev.pem", "/tmp/pkey.pem", "local-2.dev.pem", "/tmp/pkey-2.pem",
+		})
 	})
 }
 
+func cleanupfiles(paths []string) {
+	for _, path := range paths {
+		os.Remove(path)
+	}
+}
+
 func TestMatcher(t *testing.T) {
 	t.Run("Test valid certificate and private key", func(t *testing.T) {
 		pubkey, privkey, err := matcher("testdata/ca-key.pem", "testdata/ca-cert.pem")

diff --git a/key_test.go b/key_test.go
@@ -12,6 +12,16 @@ MHcCAQEEIL66D9bK8UInoN0xfbQ3/usWXWzHSb8cq+e2RfO6usYpoAoGCCqGSM49
 AwEHoUQDQgAE8aYzn9wIIS+K4/lX6aoUQR18rGLsjKmQgIa+vtc3jwWclNJhh3tT
 AsroDcdnN6haaQt3fmI56TphJF5PXCAhIQ==
 -----END EC PRIVATE KEY-----
+`
+	RSAPKEYDATA = `-----BEGIN RSA PRIVATE KEY-----
+MIIBOQIBAAJBAMqARHoSpBvmYR92JAfSf4roUoyLB9D6e/nNoIK7yjw5PvUGEHM+
+uMOiIQjlqui020aj5TeuWs09ljGKhcF0nGkCAwEAAQJAZiBiaJ5WHawGd3OBoGBM
+6qVYXIERpBdvxwApX0WOLOhcAJ5nYSboyppHEYTk4NgK7YuoZy61KswAU+qmy/Jw
+AQIhAPHWn5ghX+VhTG/J1ZY/y13hOpj4+9Eki+MJNr7pXqXpAiEA1lvxHLYEDOev
+rj4iN5/bvF6Dbl1QYrwMa582C2LPsoECIAuPpA+EwO3ZSesqLfDB2foB82gutvMX
+mSxgW2KjC2hJAiA2xQ0pIdSNG5GGurdxcPXq/lckltEYOSYPRYHAjQG2gQIgZdwE
+QfCCn+yOvP+oeXatjlGliCnVL95G6fA1icn4AnE=
+-----END RSA PRIVATE KEY-----
 `
 )
 
@@ -30,18 +40,25 @@ func TestGetPrivateKey(t *testing.T) {
 }
 
 func TestParsePrivateKey(t *testing.T) {
-	p, err := ParsePrivateKey([]byte(PKEYDATA))
-	if err != nil {
-		t.Fatal(err)
-	}
+	t.Run("Test compare parsed valid private key", func(t *testing.T) {
+		p, err := ParsePrivateKey([]byte(PKEYDATA))
+		if err != nil {
+			t.Fatal(err)
+		}
 
-	pkey := &PrivateKey{p}
+		pkey := &PrivateKey{p}
 
-	t.Run("Test compare parsed private key", func(t *testing.T) {
 		if !reflect.DeepEqual(pkey.String(), PKEYDATA) {
 			t.Fatalf("\ngot %v\nwant %v\n", pkey.String(), PKEYDATA)
 		}
 	})
+
+	t.Run("Test parsing unsuported rsa private key", func(t *testing.T) {
+		_, err := ParsePrivateKey([]byte(RSAPKEYDATA))
+		if err == nil {
+			t.Fatalf("got no error, want error contains x509: failed to parse private key (use ParsePKCS1PrivateKey instead for this key format")
+		}
+	})
 }
 
 func TestParseEmptyPrivateKeyFile(t *testing.T) {
-Original file line number
+Diff line change
@@ Expand Up / @@ -229,6 +229,8 @@ func TestCreateCertificate(t *testing.T) { @@
     				t.Fatalf("got %v, want open ca-key.pem: no such file or directory", err.Error())
     			}
     		}
+    		os.Remove("nothinux.local-key.pem")
     	})
     	t.Run("Test create certificate", func(t *testing.T) {
@@ Expand Down @@