// Copyright (C) 2017. See AUTHORS.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package openssl
import (
"math/big"
"testing"
"time"
)
func TestCertGenerate(t *testing.T) {
key, err := GenerateRSAKey(768)
if err != nil {
t.Fatal(err)
}
info := &CertificateInfo{
Serial: big.NewInt(int64(1)),
Issued: 0,
Expires: 24 * time.Hour,
Country: "US",
Organization: "Test",
CommonName: "localhost",
}
cert, err := NewCertificate(info, key)
if err != nil {
t.Fatal(err)
}
if err := cert.Sign(key, EVP_SHA256); err != nil {
t.Fatal(err)
}
}
func TestCAGenerate(t *testing.T) {
cakey, err := GenerateRSAKey(768)
if err != nil {
t.Fatal(err)
}
info := &CertificateInfo{
Serial: big.NewInt(int64(1)),
Issued: 0,
Expires: 24 * time.Hour,
Country: "US",
Organization: "Test CA",
CommonName: "CA",
}
ca, err := NewCertificate(info, cakey)
if err != nil {
t.Fatal(err)
}
if err := ca.AddExtensions(map[NID]string{
NID_basic_constraints: "critical,CA:TRUE",
NID_key_usage: "critical,keyCertSign,cRLSign",
NID_subject_key_identifier: "hash",
NID_netscape_cert_type: "sslCA",
}); err != nil {
t.Fatal(err)
}
if err := ca.Sign(cakey, EVP_SHA256); err != nil {
t.Fatal(err)
}
key, err := GenerateRSAKey(768)
if err != nil {
t.Fatal(err)
}
info = &CertificateInfo{
Serial: big.NewInt(int64(1)),
Issued: 0,
Expires: 24 * time.Hour,
Country: "US",
Organization: "Test",
CommonName: "localhost",
}
cert, err := NewCertificate(info, key)
if err != nil {
t.Fatal(err)
}
if err := cert.AddExtensions(map[NID]string{
NID_basic_constraints: "critical,CA:FALSE",
NID_key_usage: "keyEncipherment",
NID_ext_key_usage: "serverAuth",
}); err != nil {
t.Fatal(err)
}
if err := cert.SetIssuer(ca); err != nil {
t.Fatal(err)
}
if err := cert.Sign(cakey, EVP_SHA256); err != nil {
t.Fatal(err)
}
}
func TestCertGetNameEntry(t *testing.T) {
key, err := GenerateRSAKey(768)
if err != nil {
t.Fatal(err)
}
info := &CertificateInfo{
Serial: big.NewInt(int64(1)),
Issued: 0,
Expires: 24 * time.Hour,
Country: "US",
Organization: "Test",
CommonName: "localhost",
}
cert, err := NewCertificate(info, key)
if err != nil {
t.Fatal(err)
}
name, err := cert.GetSubjectName()
if err != nil {
t.Fatal(err)
}
entry, ok := name.GetEntry(NID_commonName)
if !ok {
t.Fatal("no common name")
}
if entry != "localhost" {
t.Fatalf("expected localhost; got %q", entry)
}
entry, ok = name.GetEntry(NID_localityName)
if ok {
t.Fatal("did not expect a locality name")
}
if entry != "" {
t.Fatalf("entry should be empty; got %q", entry)
}
}
func TestCertVersion(t *testing.T) {
key, err := GenerateRSAKey(768)
if err != nil {
t.Fatal(err)
}
info := &CertificateInfo{
Serial: big.NewInt(int64(1)),
Issued: 0,
Expires: 24 * time.Hour,
Country: "US",
Organization: "Test",
CommonName: "localhost",
}
cert, err := NewCertificate(info, key)
if err != nil {
t.Fatal(err)
}
if err := cert.SetVersion(X509_V3); err != nil {
t.Fatal(err)
}
if vers := cert.GetVersion(); vers != X509_V3 {
t.Fatalf("bad version: %d", vers)
}
}