1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
|
package pki
import (
"crypto/elliptic"
"crypto/x509/pkix"
"math/big"
"reflect"
"testing"
)
var (
TestCertificateData = CertificateData{
Subject: pkix.Name{CommonName: "foobar"},
DNSNames: []string{"foo.bar", "example.com"},
}
)
func TestCertificateCreation(t *testing.T) {
ed25519Key, err := NewPrivateKeyEd25519()
if err != nil {
t.Errorf("cert: creating private key ed25519 failed: %s", err)
}
ecdsaKey, err := NewPrivateKeyEcdsa(elliptic.P224())
if err != nil {
t.Errorf("cert: creating private key ecdsa failed: %s", err)
}
rsaKey, err := NewPrivateKeyRsa(1024)
if err != nil {
t.Errorf("cert: creating private key rsa failed: %s", err)
}
for _, pk := range []PrivateKey{rsaKey, ecdsaKey, ed25519Key} {
csr, err := TestCertificateData.ToCertificateRequest(pk)
if err != nil {
t.Errorf("cert: creating csr failed: %s", err)
}
cert_opts := CertificateOptions{
// KeyUsage: x509.KeyUsageEncipherOnly | x509.KeyUsageKeyEncipherment | x509.KeyUsageCertSign,
SerialNumber: big.NewInt(1),
CALength: -1,
}
cert, err := csr.ToCertificate(pk, cert_opts, nil)
if err != nil {
t.Errorf("cert: creating cert failed: %s", err)
}
if !fieldsAreSame(TestCertificateData, cert) {
t.Errorf("cert: Fields are not the same")
}
}
}
func fieldsAreSame(data CertificateData, cert *Certificate) bool {
if cert == nil {
return false
}
if data.Subject.CommonName != cert.Subject.CommonName {
return false
}
if !reflect.DeepEqual(data.Subject.Country, cert.Subject.Country) {
return false
}
if !reflect.DeepEqual(data.DNSNames, cert.DNSNames) {
return false
}
if !reflect.DeepEqual(data.IPAddresses, cert.IPAddresses) {
return false
}
if !reflect.DeepEqual(data.EmailAddresses, cert.EmailAddresses) {
return false
}
return true
}
|
