add test for export certificate
nothinux committed May 6, 2022
2 parents 6bc304c + 767b7ec commit 4854173
Showing 5 changed files with 89 additions and 21 deletions.
27 changes: 7 additions & 20 deletions cmd/certify/command.go
Expand Up @@ -3,13 +3,10 @@ package main
import (
"fmt"
"io"
"log"
"os"
"strings"
"syscall"

"github.com/nothinux/certify"
"golang.org/x/term"
)

// initCA create private key and certificate for certificate authority
Expand Down Expand Up @@ -72,7 +69,7 @@ func readCertificate(args []string, stdin *os.File) (string, error) {
// readRemoteCertificate read certificate from remote host
func readRemoteCertificate(args []string) (string, error) {
if len(args) < 3 {
return "", fmt.Errorf("you must provide remote host.\n")
return "", fmt.Errorf("you must provide remote host")
}

result, err := tlsDial(args[2])
Expand Down Expand Up @@ -106,22 +103,11 @@ func matchCertificate(args []string) error {
}

// exportCertificate export certificate to pkcs12 format
func exportCertificate(args []string) {
if len(args) < 5 {
fmt.Println("you must provide [key-path] [cert-path] and [ca-path]")
os.Exit(1)
}

fmt.Print("enter password: ")
bytePass, err := term.ReadPassword(int(syscall.Stdin))
if err != nil {
log.Fatal(err)
}

func exportCertificate(args []string, bytePass []byte) error {
// verify if cert and key has same public key
_, _, err = matcher(args[2], args[3])
_, _, err := matcher(args[2], args[3])
if err != nil {
log.Fatal("\n", err)
return err
}

pfxData, err := getPfxData(
Expand All @@ -131,13 +117,14 @@ func exportCertificate(args []string) {
string(bytePass),
)
if err != nil {
log.Fatal(err)
return err
}

if err := os.WriteFile("client.p12", pfxData, 0644); err != nil {
log.Fatal(err)
return err
}
fmt.Println("\ncertificate exported to client.p12")
return nil
}

// createCertificate generate certificate and signed with existing CA
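Review bot: `os.WriteFile("client.p12", pfxData, 0644)` near the end of exportCertificate creates the PKCS#12 bundle world-readable, and since that bundle is presumably built from the private key at args[2], its confidentiality rests on the export password alone; owner-only is the appropriate mode, `os.WriteFile("client.p12", pfxData, 0600)`. os.WriteFile applies the mode only when it creates the file, so an existing client.p12 keeps whatever permissions it already had. The commit also moves the `len(args) < 5` guard out to runMain, so the function now indexes args[2] and args[3] (and presumably args[4] in the collapsed getPfxData call) with no check of its own and panics on a short slice. Since it returns an error now, a guard such as `if len(args) < 5 { return fmt.Errorf("you must provide [key-path] [cert-path] and [ca-path]") }` belongs at the top of the function.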
48 changes: 48 additions & 0 deletions cmd/certify/command_test.go
Expand Up @@ -267,3 +267,51 @@ func TestCreateIntermediateCertificate(t *testing.T) {
os.Remove(caInterKeyPath)
})
}

func TestExportCertificate(t *testing.T) {
tests := []struct {
Name string
Args []string
Password string
expectedError string
}{
{
Name: "Test export certificate",
Args: []string{"certify", "-match", "testdata/server-key.pem", "testdata/server.pem", "testdata/ca-cert.pem"},
Password: "password",
},
{
Name: "Test export certificate with invalid private key",
Args: []string{"certify", "-match", "testdata/key.pem", "testdata/server.pem", "testdata/ca-cert.pem"},
Password: "password",
expectedError: "no such file or directory",
},
{
Name: "Test export certificate doesn't match with private key",
Args: []string{"certify", "-match", "testdata/server-key.pem", "testdata/nothinux.pem", "testdata/ca-cert.pem"},
Password: "password",
expectedError: "private key doesn't match with given certificate",
},
{
Name: "Test export with wrong argument",
Args: []string{"certify", "-match", "testdata/server.pem", "testdata/server-key.pem", "testdata/ca-cert.pem"},
Password: "password",
expectedError: "failed to parse EC private key",
},
}

for _, tt := range tests {
t.Run(tt.Name, func(t *testing.T) {
if err := exportCertificate(tt.Args, []byte(tt.Password)); err != nil {
if !strings.Contains(err.Error(), tt.expectedError) {
t.Fatalf("the error must be contain %s, got %v", tt.expectedError, err)
}
}
})

t.Cleanup(func() {
os.Remove("client.p12")
})
}

}
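Review bot: The assertion inside the t.Run body only fires when exportCertificate returns an error whose text lacks expectedError, so a failure case that unexpectedly succeeds still passes, and the success case passes on any error because `strings.Contains(s, "")` is always true. The expectation should be checked in both directions, as sketched below. The `"no such file or directory"` expectation is the Unix wording of that error and would likely not match on Windows; `errors.Is(err, os.ErrNotExist)` is the portable check if the error is returned unwrapped or wrapped with `%w`. A success-case assertion that client.p12 exists with the intended file mode would also pin the permissions of the exported bundle.

```go
t.Run(tt.Name, func(t *testing.T) {
	err := exportCertificate(tt.Args, []byte(tt.Password))
	if tt.expectedError == "" {
		if err != nil {
			t.Fatalf("unexpected error: %v", err)
		}
		return
	}
	if err == nil || !strings.Contains(err.Error(), tt.expectedError) {
		t.Fatalf("the error must contain %q, got %v", tt.expectedError, err)
	}
})
// … unchanged: t.Cleanup removing client.p12 …
```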
19 changes: 18 additions & 1 deletion cmd/certify/main.go
Expand Up @@ -5,6 +5,9 @@ import (
"fmt"
"log"
"os"
"syscall"

"golang.org/x/term"
)

var usage = ` _ _ ___
Expand Down Expand Up @@ -104,7 +107,21 @@ func runMain() error {
}

if *epkcs12 {
exportCertificate(os.Args)
if len(os.Args) < 5 {
fmt.Println("you must provide [key-path] [cert-path] and [ca-path]")
os.Exit(1)
}

fmt.Print("enter password: ")
bytePass, err := term.ReadPassword(int(syscall.Stdin))
if err != nil {
log.Fatal(err)
}

if err := exportCertificate(os.Args, bytePass); err != nil {
return err
}

return nil
}

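Review bot: The password returned by `term.ReadPassword` is handed to exportCertificate without any check, so pressing Enter at the prompt presumably produces a client.p12 protected by an empty password; rejecting `len(bytePass) == 0` with a returned error before the export would close that gap. The new block also leaves through `os.Exit(1)` and `log.Fatal(err)` although runMain returns an error, which bypasses whatever the caller does with that error; `return fmt.Errorf("reading password: %w", err)` keeps a single exit path. runMain starts and ends outside the hunk, so how the caller reports the returned error is not visible here.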
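--- a/cmd/certify/testdata/server-key.pem
+++ b/cmd/certify/testdata/server-key.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIO+BHvmxk6M7bAS8TTzzZI5XSQZJmuXi2CddrpDL4uzcoAoGCCqGSM49
+AwEHoUQDQgAE3p4hOn31nKC/MHoMN03mkmJfMMh8n2Dpv+GNdJXaGJ2ILFnhiqTV
+fnBJ8ZZCDbTBbB7LuQkoKkWP37Cxx1dK0g==
+-----END EC PRIVATE KEY-----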
11 changes: 11 additions & 0 deletions cmd/certify/testdata/server.pem
@@ -0,0 +1,11 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
