Skip to content

Commit

Permalink
add more test
Browse files Browse the repository at this point in the history
  • Loading branch information
@nothinux
nothinux committed Apr 17, 2022
1 parent ff0698c commit 7ebbd57
Showing 1 changed file with 305 additions and 6 deletions.
311 changes: 305 additions & 6 deletions cmd/certify/helper_test.go
View file
Original file line number Diff line number Diff line change
@@ -1,17 +1,84 @@
package main

import (
"crypto/x509"
"net"
"os"
"reflect"
"testing"
"time"
)

func TestGeneratePrivateKeyAndCA(t *testing.T) {
pkey, err := generatePrivateKey("ca-key.pem")
if err != nil {
t.Fatal(err)
}

if err := generateCA(pkey.PrivateKey, "cn:local", "ca-cert.pem"); err != nil {
t.Fatal(err)
}

t.Run("Test create certificate", func(t *testing.T) {
pkey, err := generatePrivateKey("/tmp/pkey.pem")
if err != nil {
t.Fatal(err)
}

if err := generateCert(pkey.PrivateKey, []string{"127.0.0.1", "local.dev", "cn:server", "expiry:1d", "eku:serverauth"}); err != nil {
t.Fatal(err)
}
})

t.Run("Test export certificate to pkcs12", func(t *testing.T) {
_, err := getPfxData("/tmp/pkey.pem", "local.dev.pem", "ca-cert.pem", "p4ssw0rd")
if err != nil {
t.Fatal(err)
}
})

t.Cleanup(func() {
if err := os.Remove("ca-cert.pem"); err != nil {
t.Fatal(err)
}
if err := os.Remove("ca-key.pem"); err != nil {
t.Fatal(err)
}
if err := os.Remove("local.dev.pem"); err != nil {
t.Fatal(err)
}
if err := os.Remove("/tmp/pkey.pem"); err != nil {
t.Fatal(err)
}
})
}

func TestMatcher(t *testing.T) {
t.Run("Test valid certificate and private key", func(t *testing.T) {
pubkey, privkey, err := matcher("testdata/ca-key.pem", "testdata/ca-cert.pem")

if err != nil {
t.Fatalf("the private key and certificate must be match\n%v\n%v", pubkey, privkey)
}
})
t.Run("Test invalid certificate and private key path", func(t *testing.T) {
_, _, err := matcher("ca-key.pem", "ca-cert.pem")

if err == nil {
t.Fatalf("the matcher must be error, because the path is invalid")
}
})
}

func TestParseArgs(t *testing.T) {
tests := []struct {
Name string
Args []string
expectedIP []net.IP
expectedDNS []string
expectedCN string
Name string
Args []string
expectedIP []net.IP
expectedDNS []string
expectedCN string
expectedExpiry time.Time
expectedEku []x509.ExtKeyUsage
}{
{
Name: "Test with ip and dns names",
Expand Down Expand Up @@ -46,11 +113,31 @@ func TestParseArgs(t *testing.T) {
Args: []string{"certify", "cn:srv.example.com", "cn:example.com"},
expectedCN: "srv.example.com",
},
{
Name: "Test with expiry 12 hours",
Args: []string{"certify", "sub.example.local", "expiry:12h"},
expectedExpiry: time.Now().Add(12 * time.Hour),
},
{
Name: "Test with expiry 30 days",
Args: []string{"certify", "cn:server", "expiry:30d"},
expectedExpiry: time.Now().Add(30 * 24 * time.Hour),
expectedCN: "server",
},
{
Name: "Test with custom ekus",
Args: []string{"certify", "cn:client", "eku:serverauth,codesigning"},
expectedEku: []x509.ExtKeyUsage{
x509.ExtKeyUsageServerAuth,
x509.ExtKeyUsageCodeSigning,
},
expectedCN: "client",
},
}

for _, tt := range tests {
t.Run(tt.Name, func(t *testing.T) {
ips, dns, cn, _, _ := parseArgs(tt.Args)
ips, dns, cn, expiry, ekus := parseArgs(tt.Args)

if len(tt.expectedIP) != 0 {
for i, ip := range ips {
Expand All @@ -71,6 +158,31 @@ func TestParseArgs(t *testing.T) {
if cn != tt.expectedCN {
t.Fatalf("got %v, want %v", cn, tt.expectedCN)
}

if !tt.expectedExpiry.IsZero() {
if expiry.Unix() != tt.expectedExpiry.Unix() {
t.Fatalf("got %v, want %v", expiry.Unix(), tt.expectedExpiry.Unix())
}
} else {
if expiry.Unix() != time.Now().Add(8766*time.Hour).Unix() {
t.Fatalf("got %v, want %v", expiry.Unix(), time.Now().Add(8766*time.Hour).Unix())
}
}

if len(tt.expectedEku) != 0 {
if !reflect.DeepEqual(ekus, tt.expectedEku) {
t.Fatalf("fot %v, want %v", ekus, tt.expectedEku)
}
} else {
defaultEku := []x509.ExtKeyUsage{
x509.ExtKeyUsageClientAuth,
x509.ExtKeyUsageServerAuth,
}

if !reflect.DeepEqual(ekus, defaultEku) {
t.Fatalf("got %v, want %v", ekus, defaultEku)
}
}
})
}
}
Expand Down Expand Up @@ -148,3 +260,190 @@ func TestGetFilename(t *testing.T) {
})
}
}

func TestParseCN(t *testing.T) {
tests := []struct {
Name string
CN string
ExpectedCN string
}{
{
Name: "Test valid common name",
CN: "cn:server",
ExpectedCN: "server",
},
{
Name: "Test empty common name",
CN: "cn:",
ExpectedCN: "certify",
},
}

for _, tt := range tests {
t.Run(tt.Name, func(t *testing.T) {
parsedCN := parseCN(tt.CN)

if parsedCN != tt.ExpectedCN {
t.Fatalf("got %v, want %v", parsedCN, tt.ExpectedCN)
}
})
}
}

func TestParseEKU(t *testing.T) {
tests := []struct {
Name string
Eku string
ExpectedEku []x509.ExtKeyUsage
}{
{
Name: "Test eku serverauth",
Eku: "eku:serverAuth",
ExpectedEku: []x509.ExtKeyUsage{
x509.ExtKeyUsageServerAuth,
},
},
{
Name: "Test eku client auth and code signing",
Eku: "eku:clientAuth,codesigning",
ExpectedEku: []x509.ExtKeyUsage{
x509.ExtKeyUsageClientAuth,
x509.ExtKeyUsageCodeSigning,
},
},
{
Name: "Test all eku",
Eku: "eku:serverauth,clientauth,any,codesigning,emailprotection,ipsecendsystem,ipsectunnel,ipsecuser,timestamping,ocspsigning,microsoftservergatedcrypto,netscapeservergatedcrypto,microsoftcommercialcodesigning,microsoftkernelcodesigning",
ExpectedEku: []x509.ExtKeyUsage{
x509.ExtKeyUsageServerAuth,
x509.ExtKeyUsageClientAuth,
x509.ExtKeyUsageAny,
x509.ExtKeyUsageCodeSigning,
x509.ExtKeyUsageEmailProtection,
x509.ExtKeyUsageIPSECEndSystem,
x509.ExtKeyUsageIPSECTunnel,
x509.ExtKeyUsageIPSECUser,
x509.ExtKeyUsageTimeStamping,
x509.ExtKeyUsageOCSPSigning,
x509.ExtKeyUsageMicrosoftServerGatedCrypto,
x509.ExtKeyUsageNetscapeServerGatedCrypto,
x509.ExtKeyUsageMicrosoftCommercialCodeSigning,
x509.ExtKeyUsageMicrosoftKernelCodeSigning,
},
},
{
Name: "Test empty eku",
Eku: "eku:",
ExpectedEku: []x509.ExtKeyUsage{},
},
}

for _, tt := range tests {
t.Run(tt.Name, func(t *testing.T) {
parsedEku := parseEKU(tt.Eku)

if len(parsedEku) == 0 {
if len(parsedEku) != len(tt.ExpectedEku) {
t.Fatalf("got %v, want %v", len(parsedEku), len(tt.ExpectedEku))
}
return
}

if !reflect.DeepEqual(parsedEku, tt.ExpectedEku) {
t.Fatalf("got %v, want %v", parsedEku, tt.ExpectedEku)
}
})
}
}

func TestParseExpiry(t *testing.T) {
tests := []struct {
Name string
Time string
ExpectedTime time.Time
}{
{
Name: "Test 5 seconds",
Time: "expiry:5s",
ExpectedTime: time.Now().Add(5 * time.Second),
},
{
Name: "Test 10 minutes",
Time: "expiry:10m",
ExpectedTime: time.Now().Add(10 * time.Minute),
},
{
Name: "Test 5 hours",
Time: "expiry:5h",
ExpectedTime: time.Now().Add(5 * time.Hour),
},
{
Name: "Test 7 days",
Time: "expiry:7d",
ExpectedTime: time.Now().Add(7 * 24 * time.Hour),
},
{
Name: "Test 2 years",
Time: "expiry:2y",
ExpectedTime: time.Now().Add(8766 * time.Hour),
},
{
Name: "Test no time",
Time: "expiry:",
ExpectedTime: time.Now().Add(8766 * time.Hour),
},
{
Name: "Test wrong format",
Time: "expiry:od",
ExpectedTime: time.Now().Add(8766 * time.Hour),
},
}

for _, tt := range tests {
t.Run(tt.Name, func(t *testing.T) {
result := parseExpiry(tt.Time)

if result.Unix() != tt.ExpectedTime.Unix() {
t.Fatalf("got %v, want %v", result.Unix(), tt.ExpectedTime.Unix())
}
})

}
}

func TestIsExist(t *testing.T) {
t.Run("Test if path is exists", func(t *testing.T) {
if err := os.Mkdir("/tmp/randpath", 0755); err != nil {
t.Fatal(err)
}

if !isExist("/tmp/randpath") {
t.Fatalf("path must be exists")
}

if err := os.Remove("/tmp/randpath"); err != nil {
t.Fatal(err)
}
})
t.Run("Test if path is not exists", func(t *testing.T) {
if isExist("/tmp/xxx/yyy/zzz") {
t.Fatalf("path must be doesn't exists")
}
})
}

func TestTlsDial(t *testing.T) {
t.Run("Test valid host", func(t *testing.T) {
_, err := tlsDial("google.com:443")
if err != nil {
t.Fatalf("the dial must be success %v", err)
}
})

t.Run("Test Invalid host", func(t *testing.T) {
_, err := tlsDial("google.com")
if err == nil {
t.Fatalf("the dial must be error")
}
})
}

0 comments on commit 7ebbd57

Please sign in to comment.