Merge branch 'certificate'

This adds the API to generate certificates in the same way certificate
sign requests were built.

It works but still lacks some features and fields.

1 files changed, 46 insertions, 0 deletions

diff --git a/certificate_test.go b/certificate_test.go
new file mode 100644
index 0000000..3cb4a64
--- /dev/null
+++ b/certificate_test.go
@@ -0,0 +1,46 @@
+package pki
+
+import (
+  "crypto/elliptic"
+//  "crypto/x509"
+  "crypto/x509/pkix"
+  "math/big"
+  "reflect"
+  "testing"
+)
+
+var (
+  TestCertificateData = CertificateData{
+    Subject:  pkix.Name{CommonName: "foobar"},
+    DNSNames: []string{"foo.bar", "example.com"},
+  }
+)
+
+func TestCertificateCreation(t *testing.T) {
+  pk, err := NewPrivateKeyEcdsa(elliptic.P224())
+  if err != nil { t.Errorf("cert: creating private key failed: %s", err) }
+
+  csr, err := TestCertificateData.ToCertificateRequest(pk)
+  if err != nil { t.Errorf("cert: creating csr failed: %s", err) }
+
+  cert_opts := CertificateOptions{
+    // KeyUsage:  x509.KeyUsageEncipherOnly | x509.KeyUsageKeyEncipherment | x509.KeyUsageCertSign,
+    SerialNumber: big.NewInt(1),
+  }
+
+  cert, err := csr.ToCertificate(pk, cert_opts, nil)
+  if err != nil { t.Errorf("cert: creating cert failed: %s", err) }
+
+  if !fieldsAreSame(TestCertificateData, cert) {
+    t.Errorf("cert: Fields are not the same")
+  }
+}
+
+func fieldsAreSame(data CertificateData, cert *Certificate) bool {
+  if data.Subject.CommonName != cert.Subject.CommonName             { return false }
+  if !reflect.DeepEqual(data.Subject.Country, cert.Subject.Country) { return false }
+  if !reflect.DeepEqual(data.DNSNames, cert.DNSNames)               { return false }
+  if !reflect.DeepEqual(data.IPAddresses, cert.IPAddresses)         { return false }
+  if !reflect.DeepEqual(data.EmailAddresses, cert.EmailAddresses)   { return false }
+  return true
+}